Cross-Model Anecdotes – full_cve_ids_3.1_header · seed=42 · metric=c
Models: xlnet, lrp-bert, lrp-distilbert

#1 · cve_id CVE-2020-15588 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁issue ▁was ▁di sc ▁over ed ▁in ▁the ▁client sid e ▁of Zoho ManageEngine Desktop ▁Central ▁10 . 0 . 55 2 . W . ▁An attacker-controlled ▁server ▁can ▁trigger ▁an ▁integer overflow ▁in ▁Internet S end Request ▁Ex ▁and ▁Internet S end Request ▁By Bi t rate ▁that ▁leads ▁to ▁a heap-based ▁buffer overflow ▁and Remote ▁Code Execution ▁with SYSTEM ▁privileges . ▁This ▁issue ▁will ▁occur ▁only ▁when untrusted ▁communication ▁is init iated ▁with ▁server . ▁In ▁cloud ▁Agent ▁will ▁always ▁connect ▁with ▁trusted ▁communication . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud Agent will always connect with trusted communication.
SHAP (words)
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10. 0. 552. W. An attacker- controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap- based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud Agent will always connect with trusted communication
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] An issue was di sc over ##ed in the cli en ##t sid e of Zoho ManageEngine Desktop Central 10 . 0 . 55 ##2 . W . An attacker-controlled server can trigger an int e ##ger overflow in Internet ##S ##end Request Ex and Internet ##S ##end Request By ##B ##it ##rate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges . This issue will occur only when untrusted communication is init i ##ated with server . In cloud Agent will always connect with trusted communication . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in the cli en ##t sid e of Zoho ManageEngine Desktop Central 10 . 0 . 55 ##2 . W . An attacker-controlled server can trigger an int e ##ger overflow in Internet ##S ##end Request Ex and Internet ##S ##end Request By ##B ##it ##rate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges . This issue will occur only when untrusted communication is init i ##ated with server . In cloud Agent will always connect with trusted communication . [SEP]
LIME (words)
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud Agent will always connect with trusted communication.
SHAP (words)
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10. 0. 552. W. An attacker- controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap- based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud Agent will always connect with trusted communication
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] An issue was di sc over ##ed in the cli en ##t sid e of Zoho ManageEngine Desktop Central 10 . 0 . 55 ##2 . W . An attacker-controlled server can trigger an int e ##ger overflow in Internet ##S ##end Request Ex and Internet ##S ##end Request By ##B ##it ##rate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges . This issue will occur only when untrusted communication is init i ##ated with server . In cloud Agent will always connect with trusted communication . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in the cli en ##t sid e of Zoho ManageEngine Desktop Central 10 . 0 . 55 ##2 . W . An attacker-controlled server can trigger an int e ##ger overflow in Internet ##S ##end Request Ex and Internet ##S ##end Request By ##B ##it ##rate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges . This issue will occur only when untrusted communication is init i ##ated with server . In cloud Agent will always connect with trusted communication . [SEP]
LIME (words)
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud Agent will always connect with trusted communication.
SHAP (words)
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10. 0. 552. W. An attacker- controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap- based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud Agent will always connect with trusted communication
#2 · cve_id CVE-2023-36118 · c
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
IG (subwords)
▁Cross ▁Site Scripting ▁vulnerability ▁in ▁Faculty ▁Eva ulation ▁System ▁using PHP / MySQL i ▁v . 1 . 0 ▁allows ▁an ▁attacker ▁to ▁execute ▁arbitrary ▁code ▁via ▁a ▁crafted ▁payload ▁to ▁the ▁page param eter . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter.
SHAP (words)
Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/ MySQLi v. 1. 0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter
lrp-bert · Pred=LOW (1) · p=0.97 TP
IG (subwords)
[CLS] Cross S ite Scripting vulnerability in Faculty Eva ##ulation System using PHP / MySQL i v . 1 . 0 allows an attacker to exec u ##te arbitrary code via a crafted payload to the page param et ##er . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross S ite Scripting vulnerability in Faculty Eva ##ulation System using PHP / MySQL i v . 1 . 0 allows an attacker to exec u ##te arbitrary code via a crafted payload to the page param et ##er . [SEP]
LIME (words)
Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter.
SHAP (words)
Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/ MySQLi v. 1. 0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter
lrp-distilbert · Pred=LOW (1) · p=0.99 TP
IG (subwords)
[CLS] Cross S ite Scripting vulnerability in Faculty Eva ##ulation System using PHP / MySQL i v . 1 . 0 allows an attacker to exec u ##te arbitrary code via a crafted payload to the page param et ##er . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross S ite Scripting vulnerability in Faculty Eva ##ulation System using PHP / MySQL i v . 1 . 0 allows an attacker to exec u ##te arbitrary code via a crafted payload to the page param et ##er . [SEP]
LIME (words)
Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter.
SHAP (words)
Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/ MySQLi v. 1. 0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter
#3 · cve_id CVE-2023-21693 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
▁Microsoft PostScript ▁and ▁PC L 6 ▁Class Printer ▁Driver ▁In for matio n Disclosure Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
SHAP (words)
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
lrp-bert · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
[CLS] Microsoft PostScript and PC ##L ##6 Class Printer Driver In ##fo ##r matio n Disclosure Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Microsoft PostScript and PC ##L ##6 Class Printer Driver In ##fo ##r matio n Disclosure Vulnerability [SEP]
LIME (words)
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
SHAP (words)
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] Microsoft PostScript and PC ##L ##6 Class Printer Driver In ##fo ##r matio n Disclosure Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Microsoft PostScript and PC ##L ##6 Class Printer Driver In ##fo ##r matio n Disclosure Vulnerability [SEP]
LIME (words)
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
SHAP (words)
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
#4 · cve_id CVE-2024-0918 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
▁A ▁vulnerability ▁was ▁found ▁in TRENDnet ▁T EW - 800 MB ▁1 . 0 . 1 . 0 ▁and cla ssi fi ed ▁as ▁critical . Affected ▁by ▁this ▁issue ▁is ▁some ▁unknown ▁functionality ▁of ▁the ▁component POST Request Handler . ▁The ▁manipulation ▁of ▁the ▁argument Device URL ▁leads ▁to os ▁command inject ion . ▁The ▁attack ▁may ▁be ▁launched ▁remotely . ▁The ▁exploit ▁has ▁been disclose d ▁to ▁the ▁public ▁and ▁may ▁be ▁used . ▁V DB - 25 212 2 ▁is ▁the identifier ▁a ssi gne d ▁to ▁this ▁vulnerability . NOT ▁E : ▁The ▁vendor ▁was ▁contacted ▁early ▁about ▁this ▁di sc los ure ▁but ▁did ▁not ▁respond ▁in ▁any ▁way . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SHAP (words)
A vulnerability was found in TRENDnet TEW- 800MB 1. 0. 1. 0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB- 252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] A vulnerability was found in TRENDnet T ##E ##W - 800 ##MB 1 . 0 . 1 . 0 and c ##la ssi fi ##ed as critical . Affected by this issue is some unknown functionality of the component POST Request Handler . The man ip ul ##ation of the argument Device URL leads to o ##s command inject ion . The attack may be launched remotely . The exploit has been disclose d to the public and may be used . V ##D ##B - 252 ##12 ##2 is the identifier a ssi g ##ned to this vulnerability . NOT E : The vendor was contacted early about this di sc los ##ure but did not respond in any way . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability was found in TRENDnet T ##E ##W - 800 ##MB 1 . 0 . 1 . 0 and c ##la ssi fi ##ed as critical . Affected by this issue is some unknown functionality of the component POST Request Handler . The man ip ul ##ation of the argument Device URL leads to o ##s command inject ion . The attack may be launched remotely . The exploit has been disclose d to the public and may be used . V ##D ##B - 252 ##12 ##2 is the identifier a ssi g ##ned to this vulnerability . NOT E : The vendor was contacted early about this di sc los ##ure but did not respond in any way . [SEP]
LIME (words)
A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SHAP (words)
A vulnerability was found in TRENDnet TEW- 800MB 1. 0. 1. 0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB- 252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] A vulnerability was found in TRENDnet T ##E ##W - 800 ##MB 1 . 0 . 1 . 0 and c ##la ssi fi ##ed as critical . Affected by this issue is some unknown functionality of the component POST Request Handler . The man ip ul ##ation of the argument Device URL leads to o ##s command inject ion . The attack may be launched remotely . The exploit has been disclose d to the public and may be used . V ##D ##B - 252 ##12 ##2 is the identifier a ssi g ##ned to this vulnerability . NOT E : The vendor was contacted early about this di sc los ##ure but did not respond in any way . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability was found in TRENDnet T ##E ##W - 800 ##MB 1 . 0 . 1 . 0 and c ##la ssi fi ##ed as critical . Affected by this issue is some unknown functionality of the component POST Request Handler . The man ip ul ##ation of the argument Device URL leads to o ##s command inject ion . The attack may be launched remotely . The exploit has been disclose d to the public and may be used . V ##D ##B - 252 ##12 ##2 is the identifier a ssi g ##ned to this vulnerability . NOT E : The vendor was contacted early about this di sc los ##ure but did not respond in any way . [SEP]
LIME (words)
A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SHAP (words)
A vulnerability was found in TRENDnet TEW- 800MB 1. 0. 1. 0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB- 252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way
#5 · cve_id CVE-2023-28101 · c
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.96 TP
IG (subwords)
▁Flat pak ▁is ▁a ▁system ▁for ▁building ▁distributing ▁and ▁running sandboxed ▁desktop ▁applications ▁on ▁Linux . ▁In ▁versions ▁prior ▁to ▁1 . 10 . 8 ▁1 . 12 . 8 ▁1 . 14 . 4 ▁and ▁1 . 15 . 4 ▁if ▁an ▁attacker ▁publishes ▁a ▁Flat pak ▁app ▁with elevate d permissions ▁they ▁can ▁hide ▁those permissions ▁from ▁users ▁of ▁the ▁` flat pak ( 1 ) ` command-line ▁interface ▁by ▁setting ▁other permissions ▁to ▁crafted ▁values ▁that ▁contain ▁non - print able ▁control ▁characters ▁such ▁as ▁` ES C ` . ▁A ▁fix ▁is ▁available ▁in ▁versions ▁1 . 10 . 8 ▁1 . 12 . 8 ▁1 . 14 . 4 ▁and ▁1 . 15 . 4 . ▁As ▁a workaround ▁use ▁a GUI ▁like GNOME ▁Software ▁rather ▁than ▁the command-line ▁interface ▁or ▁only ▁install ▁apps ▁whose maintainers ▁you ▁trust . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Flatpak is a system for building distributing and running sandboxed desktop applications on Linux. In versions prior to 1.10.8 1.12.8 1.14.4 and 1.15.4 if an attacker publishes a Flatpak app with elevated permissions they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8 1.12.8 1.14.4 and 1.15.4. As a workaround use a GUI like GNOME Software rather than the command-line interface or only install apps whose maintainers you trust.
SHAP (words)
Flatpak is a system for building distributing and running sandboxed desktop applications on Linux. In versions prior to 1. 10. 8 1. 12. 8 1. 14. 4 and 1. 15. 4 if an attacker publishes a Flatpak app with elevated permissions they can hide those permissions from users of the ` flatpak( 1)` command- line interface by setting other permissions to crafted values that contain non- printable control characters such as ` ESC`. A fix is available in versions 1. 10. 8 1. 12. 8 1. 14. 4 and 1. 15. 4. As a workaround use a GUI like GNOME Software rather than the command- line interface or only install apps whose maintainers you trust
lrp-bert · Pred=NONE (0) · p=0.96 TP
IG (subwords)
[CLS] Flat ##pa ##k is a system for building distributing and running sandboxed desktop applications on Linux . In versions prior to 1 . 10 . 8 1 . 12 . 8 1 . 14 . 4 and 1 . 15 . 4 if an attacker publishes a Flat ##pa ##k app with elevate d permissions they can hide those permissions from users of the ` flat ##pa ##k ( 1 ) ` command-line int er ##face by setting other permissions to crafted values that contain non - p ##r int able control char act ##ers such as ` ES C ` . A fix is available in versions 1 . 10 . 8 1 . 12 . 8 1 . 14 . 4 and 1 . 15 . 4 . As a workaround use a GUI like GNOME Software rather than the command-line int er ##face or only install apps whose maintainers you trust . [SEP]
LRP (+Pred, pos-only)
[CLS] Flat ##pa ##k is a system for building distributing and running sandboxed desktop applications on Linux . In versions prior to 1 . 10 . 8 1 . 12 . 8 1 . 14 . 4 and 1 . 15 . 4 if an attacker publishes a Flat ##pa ##k app with elevate d permissions they can hide those permissions from users of the ` flat ##pa ##k ( 1 ) ` command-line int er ##face by setting other permissions to crafted values that contain non - p ##r int able control char act ##ers such as ` ES C ` . A fix is available in versions 1 . 10 . 8 1 . 12 . 8 1 . 14 . 4 and 1 . 15 . 4 . As a workaround use a GUI like GNOME Software rather than the command-line int er ##face or only install apps whose maintainers you trust . [SEP]
LIME (words)
Flatpak is a system for building distributing and running sandboxed desktop applications on Linux. In versions prior to 1.10.8 1.12.8 1.14.4 and 1.15.4 if an attacker publishes a Flatpak app with elevated permissions they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8 1.12.8 1.14.4 and 1.15.4. As a workaround use a GUI like GNOME Software rather than the command-line interface or only install apps whose maintainers you trust.
SHAP (words)
Flatpak is a system for building distributing and running sandboxed desktop applications on Linux. In versions prior to 1. 10. 8 1. 12. 8 1. 14. 4 and 1. 15. 4 if an attacker publishes a Flatpak app with elevated permissions they can hide those permissions from users of the ` flatpak( 1)` command- line interface by setting other permissions to crafted values that contain non- printable control characters such as ` ESC`. A fix is available in versions 1. 10. 8 1. 12. 8 1. 14. 4 and 1. 15. 4. As a workaround use a GUI like GNOME Software rather than the command- line interface or only install apps whose maintainers you trust
lrp-distilbert · Pred=NONE (0) · p=0.98 TP
IG (subwords)
[CLS] Flat ##pa ##k is a system for building distributing and running sandboxed desktop applications on Linux . In versions prior to 1 . 10 . 8 1 . 12 . 8 1 . 14 . 4 and 1 . 15 . 4 if an attacker publishes a Flat ##pa ##k app with elevate d permissions they can hide those permissions from users of the ` flat ##pa ##k ( 1 ) ` command-line int er ##face by setting other permissions to crafted values that contain non - p ##r int able control char act ##ers such as ` ES C ` . A fix is available in versions 1 . 10 . 8 1 . 12 . 8 1 . 14 . 4 and 1 . 15 . 4 . As a workaround use a GUI like GNOME Software rather than the command-line int er ##face or only install apps whose maintainers you trust . [SEP]
LRP (+Pred, pos-only)
[CLS] Flat ##pa ##k is a system for building distributing and running sandboxed desktop applications on Linux . In versions prior to 1 . 10 . 8 1 . 12 . 8 1 . 14 . 4 and 1 . 15 . 4 if an attacker publishes a Flat ##pa ##k app with elevate d permissions they can hide those permissions from users of the ` flat ##pa ##k ( 1 ) ` command-line int er ##face by setting other permissions to crafted values that contain non - p ##r int able control char act ##ers such as ` ES C ` . A fix is available in versions 1 . 10 . 8 1 . 12 . 8 1 . 14 . 4 and 1 . 15 . 4 . As a workaround use a GUI like GNOME Software rather than the command-line int er ##face or only install apps whose maintainers you trust . [SEP]
LIME (words)
Flatpak is a system for building distributing and running sandboxed desktop applications on Linux. In versions prior to 1.10.8 1.12.8 1.14.4 and 1.15.4 if an attacker publishes a Flatpak app with elevated permissions they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8 1.12.8 1.14.4 and 1.15.4. As a workaround use a GUI like GNOME Software rather than the command-line interface or only install apps whose maintainers you trust.
SHAP (words)
Flatpak is a system for building distributing and running sandboxed desktop applications on Linux. In versions prior to 1. 10. 8 1. 12. 8 1. 14. 4 and 1. 15. 4 if an attacker publishes a Flatpak app with elevated permissions they can hide those permissions from users of the ` flatpak( 1)` command- line interface by setting other permissions to crafted values that contain non- printable control characters such as ` ESC`. A fix is available in versions 1. 10. 8 1. 12. 8 1. 14. 4 and 1. 15. 4. As a workaround use a GUI like GNOME Software rather than the command- line interface or only install apps whose maintainers you trust
#6 · cve_id CVE-2023-35360 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
▁Windows Kernel Elevation ▁of Privilege Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Windows Kernel Elevation of Privilege Vulnerability
SHAP (words)
Windows Kernel Elevation of Privilege Vulnerability
lrp-bert · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
[CLS] Windows Kernel Elevation of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Windows Kernel Elevation of Privilege Vulnerability [SEP]
LIME (words)
Windows Kernel Elevation of Privilege Vulnerability
SHAP (words)
Windows Kernel Elevation of Privilege Vulnerability
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] Windows Kernel Elevation of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Windows Kernel Elevation of Privilege Vulnerability [SEP]
LIME (words)
Windows Kernel Elevation of Privilege Vulnerability
SHAP (words)
Windows Kernel Elevation of Privilege Vulnerability
#7 · cve_id CVE-2020-28907 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
Incorrect SSL ▁certificate validation ▁in Nagios ▁Fusion ▁4 . 1 . 8 ▁and ▁earlier ▁allows ▁for Escalation ▁of Privileges ▁or ▁Code Execution ▁as ▁root ▁via ▁vector s ▁related ▁to ▁download ▁of ▁an untrusted ▁update ▁package ▁in ▁upgrade _ to _ late st . sh . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.
SHAP (words)
Incorrect SSL certificate validation in Nagios Fusion 4. 1. 8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest. sh
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] Incorrect SSL certificate validation in Nagios Fusion 4 . 1 . 8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade _ to _ latest . s ##h . [SEP]
LRP (+Pred, pos-only)
[CLS] Incorrect SSL certificate validation in Nagios Fusion 4 . 1 . 8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade _ to _ latest . s ##h . [SEP]
LIME (words)
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.
SHAP (words)
Incorrect SSL certificate validation in Nagios Fusion 4. 1. 8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest. sh
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] Incorrect SSL certificate validation in Nagios Fusion 4 . 1 . 8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade _ to _ latest . s ##h . [SEP]
LRP (+Pred, pos-only)
[CLS] Incorrect SSL certificate validation in Nagios Fusion 4 . 1 . 8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade _ to _ latest . s ##h . [SEP]
LIME (words)
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.
SHAP (words)
Incorrect SSL certificate validation in Nagios Fusion 4. 1. 8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest. sh
#8 · cve_id CVE-2022-36349 · c
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
IG (subwords)
Insecure ▁default ▁variable initialization ▁in BIOS firmware ▁for ▁some ▁Intel ( R ) NUC Boa rd s ▁and ▁Intel ( R ) NUC Kits ▁before ▁version MY i 300 60 ▁may ▁allow ▁an authenticated ▁user ▁to ▁potentially ▁enable ▁denial ▁of ▁service ▁via ▁local ▁access . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access.
SHAP (words)
Insecure default variable initialization in BIOS firmware for some Intel( R) NUC Boards and Intel( R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] Insecure default variable initialization in BIOS firmware for some Intel ( R ) NUC Boa r ##ds and Intel ( R ) NUC Kits before version M ##Y ##i ##30 ##0 ##60 may allow an authenticated user to potentially enable denial of service via local access . [SEP]
LRP (+Pred, pos-only)
[CLS] Insecure default variable initialization in BIOS firmware for some Intel ( R ) NUC Boa r ##ds and Intel ( R ) NUC Kits before version M ##Y ##i ##30 ##0 ##60 may allow an authenticated user to potentially enable denial of service via local access . [SEP]
LIME (words)
Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access.
SHAP (words)
Insecure default variable initialization in BIOS firmware for some Intel( R) NUC Boards and Intel( R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] Insecure default variable initialization in BIOS firmware for some Intel ( R ) NUC Boa r ##ds and Intel ( R ) NUC Kits before version M ##Y ##i ##30 ##0 ##60 may allow an authenticated user to potentially enable denial of service via local access . [SEP]
LRP (+Pred, pos-only)
[CLS] Insecure default variable initialization in BIOS firmware for some Intel ( R ) NUC Boa r ##ds and Intel ( R ) NUC Kits before version M ##Y ##i ##30 ##0 ##60 may allow an authenticated user to potentially enable denial of service via local access . [SEP]
LIME (words)
Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access.
SHAP (words)
Insecure default variable initialization in BIOS firmware for some Intel( R) NUC Boards and Intel( R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access
#9 · cve_id CVE-2021-22823 · c
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.99 TP
IG (subwords)
▁A ▁C WE - 30 6 : ▁Mi ssi ng Authentication ▁for ▁Critical Function ▁vulnerability ▁exists ▁that ▁could ▁cause deletion ▁of ▁arbitrary ▁files ▁in ▁the ▁context ▁of ▁the ▁user ▁running IGSS ▁due ▁to ▁lack ▁of validation ▁of ▁network ▁messages . Affected ▁Product : ▁Interactive Graphical SCADA ▁System ▁Data ▁Collector ( d c . ex e ) ( V 15 . 0 . 0 . 21 320 ▁and ▁prior ) <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)
SHAP (words)
A CWE- 306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector ( dc. exe) ( V15. 0. 0. 21320 and prior
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] A CW ##E - 306 : Mi ssi ng Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages . Affected Product : Interactive Graphical SCADA System Data Collector ( d ##c . ex ##e ) ( V ##15 . 0 . 0 . 213 ##20 and prior ) [SEP]
LRP (+Pred, pos-only)
[CLS] A CW ##E - 306 : Mi ssi ng Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages . Affected Product : Interactive Graphical SCADA System Data Collector ( d ##c . ex ##e ) ( V ##15 . 0 . 0 . 213 ##20 and prior ) [SEP]
LIME (words)
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)
SHAP (words)
A CWE- 306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector ( dc. exe) ( V15. 0. 0. 21320 and prior
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] A CW ##E - 306 : Mi ssi ng Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages . Affected Product : Interactive Graphical SCADA System Data Collector ( d ##c . ex ##e ) ( V ##15 . 0 . 0 . 213 ##20 and prior ) [SEP]
LRP (+Pred, pos-only)
[CLS] A CW ##E - 306 : Mi ssi ng Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages . Affected Product : Interactive Graphical SCADA System Data Collector ( d ##c . ex ##e ) ( V ##15 . 0 . 0 . 213 ##20 and prior ) [SEP]
LIME (words)
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)
SHAP (words)
A CWE- 306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector ( dc. exe) ( V15. 0. 0. 21320 and prior
#10 · cve_id CVE-2021-46143 · c
GT=HIGH (2)
xlnet · Pred=NONE (0) · p=0.96 MIS
IG (subwords)
▁In ▁do Pro log ▁in xml parse . c ▁in Expat ( aka lib exp at ) ▁before ▁2 . 4 . 3 ▁an ▁integer overflow ▁exists ▁for m _ group Size . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3 an integer overflow exists for m_groupSize.
SHAP (words)
In doProlog in xmlparse. c in Expat ( aka libexpat) before 2. 4. 3 an integer overflow exists for m_groupSize
lrp-bert · Pred=HIGH (2) · p=0.97 TP
IG (subwords)
[CLS] In do ##P ##rol ##og in xml parse . c in Expat ( aka l ##ibe ##x ##pa ##t ) before 2 . 4 . 3 an int e ##ger overflow exists for m _ group Size . [SEP]
LRP (+Pred, pos-only)
[CLS] In do ##P ##rol ##og in xml parse . c in Expat ( aka l ##ibe ##x ##pa ##t ) before 2 . 4 . 3 an int e ##ger overflow exists for m _ group Size . [SEP]
LIME (words)
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3 an integer overflow exists for m_groupSize.
SHAP (words)
In doProlog in xmlparse. c in Expat ( aka libexpat) before 2. 4. 3 an integer overflow exists for m_groupSize
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
[CLS] In do ##P ##rol ##og in xml parse . c in Expat ( aka l ##ibe ##x ##pa ##t ) before 2 . 4 . 3 an int e ##ger overflow exists for m _ group Size . [SEP]
LRP (+Pred, pos-only)
[CLS] In do ##P ##rol ##og in xml parse . c in Expat ( aka l ##ibe ##x ##pa ##t ) before 2 . 4 . 3 an int e ##ger overflow exists for m _ group Size . [SEP]
LIME (words)
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3 an integer overflow exists for m_groupSize.
SHAP (words)
In doProlog in xmlparse. c in Expat ( aka libexpat) before 2. 4. 3 an integer overflow exists for m_groupSize
#11 · cve_id CVE-2010-10007 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
** UNSUPPORTED WHEN ASSIGNED ** ▁A ▁vulnerability ▁was ▁found ▁in lier da kil ▁click - rem inder . ▁It ▁has ▁been ▁rated ▁as ▁critical . ▁This ▁issue ▁affects ▁the ▁function db ▁_ query ▁of ▁the ▁file src / backend / include / Base A ction . php . ▁The ▁manipulation ▁leads ▁to sql inject ion . ▁The identifier ▁of ▁the ▁patch ▁is ▁41 213 b 660 e 8 eb 01 b 22 c 80 74 f 06 208 f 59 a 73 ca 8 d c . ▁It ▁is ▁recommended ▁to ▁apply ▁a ▁patch ▁to ▁fix ▁this ▁issue . ▁The identifier ▁V DB - 21 84 65 ▁was ▁a ssi gne d ▁to ▁this ▁vulnerability . NOT ▁E : ▁This ▁vulnerability ▁only ▁affects ▁products ▁that ▁are ▁no ▁longer ▁supported ▁by ▁the maintainer . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The identifier of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB-218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
SHAP (words)
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click- reminder. It has been rated as critical. This issue affects the function db_query of the file src/ backend/ include/ BaseAction. php. The manipulation leads to sql injection. The identifier of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB- 218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] * * UNSUPPORTED WHEN ASSIGNED * * A vulnerability was found in lie ##rda ##ki ##l cli c ##k - reminder . It has been rated as critical . This issue affects the function db _ query of the file src / backend / include / Base ##A ##ction . php . The man ip ul ##ation leads to sql inject ion . The identifier of the patch is 41 ##21 ##3 ##b ##6 ##60 ##e ##8 ##eb ##01 ##b ##22 ##c ##80 ##7 ##4 ##f ##0 ##6 ##20 ##8 ##f ##5 ##9 ##a ##7 ##3 ##ca ##8 ##d ##c . It is recommended to apply a patch to fix this issue . The identifier V ##D ##B - 218 ##46 ##5 was a ssi g ##ned to this vulnerability . NOT E : This vulnerability only affects products that are no longer supported by the maintainer . [SEP]
LRP (+Pred, pos-only)
[CLS] * * UNSUPPORTED WHEN ASSIGNED * * A vulnerability was found in lie ##rda ##ki ##l cli c ##k - reminder . It has been rated as critical . This issue affects the function db _ query of the file src / backend / include / Base ##A ##ction . php . The man ip ul ##ation leads to sql inject ion . The identifier of the patch is 41 ##21 ##3 ##b ##6 ##60 ##e ##8 ##eb ##01 ##b ##22 ##c ##80 ##7 ##4 ##f ##0 ##6 ##20 ##8 ##f ##5 ##9 ##a ##7 ##3 ##ca ##8 ##d ##c . It is recommended to apply a patch to fix this issue . The identifier V ##D ##B - 218 ##46 ##5 was a ssi g ##ned to this vulnerability . NOT E : This vulnerability only affects products that are no longer supported by the maintainer . [SEP]
LIME (words)
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The identifier of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB-218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
SHAP (words)
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click- reminder. It has been rated as critical. This issue affects the function db_query of the file src/ backend/ include/ BaseAction. php. The manipulation leads to sql injection. The identifier of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB- 218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] * * UNSUPPORTED WHEN ASSIGNED * * A vulnerability was found in lie ##rda ##ki ##l cli c ##k - reminder . It has been rated as critical . This issue affects the function db _ query of the file src / backend / include / Base ##A ##ction . php . The man ip ul ##ation leads to sql inject ion . The identifier of the patch is 41 ##21 ##3 ##b ##6 ##60 ##e ##8 ##eb ##01 ##b ##22 ##c ##80 ##7 ##4 ##f ##0 ##6 ##20 ##8 ##f ##5 ##9 ##a ##7 ##3 ##ca ##8 ##d ##c . It is recommended to apply a patch to fix this issue . The identifier V ##D ##B - 218 ##46 ##5 was a ssi g ##ned to this vulnerability . NOT E : This vulnerability only affects products that are no longer supported by the maintainer . [SEP]
LRP (+Pred, pos-only)
[CLS] * * UNSUPPORTED WHEN ASSIGNED * * A vulnerability was found in lie ##rda ##ki ##l cli c ##k - reminder . It has been rated as critical . This issue affects the function db _ query of the file src / backend / include / Base ##A ##ction . php . The man ip ul ##ation leads to sql inject ion . The identifier of the patch is 41 ##21 ##3 ##b ##6 ##60 ##e ##8 ##eb ##01 ##b ##22 ##c ##80 ##7 ##4 ##f ##0 ##6 ##20 ##8 ##f ##5 ##9 ##a ##7 ##3 ##ca ##8 ##d ##c . It is recommended to apply a patch to fix this issue . The identifier V ##D ##B - 218 ##46 ##5 was a ssi g ##ned to this vulnerability . NOT E : This vulnerability only affects products that are no longer supported by the maintainer . [SEP]
LIME (words)
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The identifier of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB-218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
SHAP (words)
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click- reminder. It has been rated as critical. This issue affects the function db_query of the file src/ backend/ include/ BaseAction. php. The manipulation leads to sql injection. The identifier of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB- 218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
#12 · cve_id CVE-2019-17296 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
SugarCRM ▁before ▁8 . 0 . 4 ▁and ▁9 . x ▁before ▁9 . 0 . 2 ▁allows SQL inject ion ▁in ▁the Contacts ▁module ▁by ▁a ▁Regular ▁user . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user.
SHAP (words)
SugarCRM before 8. 0. 4 and 9. x before 9. 0. 2 allows SQL injection in the Contacts module by a Regular user
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] SugarCRM before 8 . 0 . 4 and 9 . x before 9 . 0 . 2 allows SQL inject ion in the Contacts mod ul ##e by a Regular user . [SEP]
LRP (+Pred, pos-only)
[CLS] SugarCRM before 8 . 0 . 4 and 9 . x before 9 . 0 . 2 allows SQL inject ion in the Contacts mod ul ##e by a Regular user . [SEP]
LIME (words)
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user.
SHAP (words)
SugarCRM before 8. 0. 4 and 9. x before 9. 0. 2 allows SQL injection in the Contacts module by a Regular user
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] SugarCRM before 8 . 0 . 4 and 9 . x before 9 . 0 . 2 allows SQL inject ion in the Contacts mod ul ##e by a Regular user . [SEP]
LRP (+Pred, pos-only)
[CLS] SugarCRM before 8 . 0 . 4 and 9 . x before 9 . 0 . 2 allows SQL inject ion in the Contacts mod ul ##e by a Regular user . [SEP]
LIME (words)
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user.
SHAP (words)
SugarCRM before 8. 0. 4 and 9. x before 9. 0. 2 allows SQL injection in the Contacts module by a Regular user
#13 · cve_id CVE-2022-20354 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
▁In ▁on Default ▁Network Change d ▁of ▁V p n . java ▁there ▁is ▁a ▁po ssi ble ▁way ▁to disable VPN ▁due ▁to ▁a ▁logic err ▁or ▁in ▁the ▁code . ▁This ▁could ▁lead ▁to ▁local escalation ▁of ▁privilege ▁with ▁no ▁additional ▁execution ▁privileges ▁needed . User ▁interaction ▁is ▁not ▁needed ▁for ▁exploitation . Pro duct : ▁Android Versions : ▁Android - 11 ▁Android - 12 ▁Android - 12 L And roid ▁ID : ▁A - 2 19 546 24 1 <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In onDefaultNetworkChanged of Vpn.java there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-219546241
SHAP (words)
In onDefaultNetworkChanged of Vpn. java there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 11 Android- 12 Android- 12LAndroid ID: A- 219546241
lrp-bert · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
[CLS] In on Default Network ##C ##hang ##ed of V ##p ##n . java there is a p ##o ssi b ##le way to disable VPN due to a logic err or in the code . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 11 Android - 12 Android - 12 ##LA ##nd ##roid ID : A - 219 ##5 ##46 ##24 ##1 [SEP]
LRP (+Pred, pos-only)
[CLS] In on Default Network ##C ##hang ##ed of V ##p ##n . java there is a p ##o ssi b ##le way to disable VPN due to a logic err or in the code . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 11 Android - 12 Android - 12 ##LA ##nd ##roid ID : A - 219 ##5 ##46 ##24 ##1 [SEP]
LIME (words)
In onDefaultNetworkChanged of Vpn.java there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-219546241
SHAP (words)
In onDefaultNetworkChanged of Vpn. java there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 11 Android- 12 Android- 12LAndroid ID: A- 219546241
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
[CLS] In on Default Network ##C ##hang ##ed of V ##p ##n . java there is a p ##o ssi b ##le way to disable VPN due to a logic err or in the code . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 11 Android - 12 Android - 12 ##LA ##nd ##roid ID : A - 219 ##5 ##46 ##24 ##1 [SEP]
LRP (+Pred, pos-only)
[CLS] In on Default Network ##C ##hang ##ed of V ##p ##n . java there is a p ##o ssi b ##le way to disable VPN due to a logic err or in the code . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 11 Android - 12 Android - 12 ##LA ##nd ##roid ID : A - 219 ##5 ##46 ##24 ##1 [SEP]
LIME (words)
In onDefaultNetworkChanged of Vpn.java there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-219546241
SHAP (words)
In onDefaultNetworkChanged of Vpn. java there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 11 Android- 12 Android- 12LAndroid ID: A- 219546241
#14 · cve_id CVE-2022-20512 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
▁In ▁navigate Up To ▁of ▁Task . java ▁there ▁is ▁a ▁po ssi ble ▁way ▁to ▁launch ▁an ▁intent handler ▁with ▁a mismatch ed ▁intent ▁due ▁to improper ▁input validation . ▁This ▁could ▁lead ▁to ▁local escalation ▁of ▁privilege ▁with ▁no ▁additional ▁execution ▁privileges ▁needed . User ▁interaction ▁is ▁not ▁needed ▁for ▁exploitation . Pro duct : ▁Android Versions : ▁Android - 13 And roid ▁ID : ▁A - 2 38 60 28 79 <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In navigateUpTo of Task.java there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238602879
SHAP (words)
In navigateUpTo of Task. java there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 13Android ID: A- 238602879
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] In navigate ##U ##p ##T ##o of Task . java there is a p ##o ssi b ##le way to launch an int en ##t handler with a mismatch ed int en ##t due to improper input validation . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 13 ##A ##nd ##roid ID : A - 238 ##60 ##28 ##7 ##9 [SEP]
LRP (+Pred, pos-only)
[CLS] In navigate ##U ##p ##T ##o of Task . java there is a p ##o ssi b ##le way to launch an int en ##t handler with a mismatch ed int en ##t due to improper input validation . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 13 ##A ##nd ##roid ID : A - 238 ##60 ##28 ##7 ##9 [SEP]
LIME (words)
In navigateUpTo of Task.java there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238602879
SHAP (words)
In navigateUpTo of Task. java there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 13Android ID: A- 238602879
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] In navigate ##U ##p ##T ##o of Task . java there is a p ##o ssi b ##le way to launch an int en ##t handler with a mismatch ed int en ##t due to improper input validation . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 13 ##A ##nd ##roid ID : A - 238 ##60 ##28 ##7 ##9 [SEP]
LRP (+Pred, pos-only)
[CLS] In navigate ##U ##p ##T ##o of Task . java there is a p ##o ssi b ##le way to launch an int en ##t handler with a mismatch ed int en ##t due to improper input validation . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 13 ##A ##nd ##roid ID : A - 238 ##60 ##28 ##7 ##9 [SEP]
LIME (words)
In navigateUpTo of Task.java there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238602879
SHAP (words)
In navigateUpTo of Task. java there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 13Android ID: A- 238602879
#15 · cve_id CVE-2021-34166 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
▁A SQL ▁IN J EC TION ▁vulnerability ▁in Sourcecodester ▁Simple ▁Food Website ▁1 . 0 ▁allows ▁a ▁remote ▁attacker ▁to Bypass Authentication ▁and ▁become Admin . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and become Admin.
SHAP (words)
A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1. 0 allows a remote attacker to Bypass Authentication and become Admin
lrp-bert · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
[CLS] A SQL IN ##J ##EC ##T ION vulnerability in Sourcecodester Simple Food Website 1 . 0 allows a remote attacker to Bypass Authentication and become Admin . [SEP]
LRP (+Pred, pos-only)
[CLS] A SQL IN ##J ##EC ##T ION vulnerability in Sourcecodester Simple Food Website 1 . 0 allows a remote attacker to Bypass Authentication and become Admin . [SEP]
LIME (words)
A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and become Admin.
SHAP (words)
A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1. 0 allows a remote attacker to Bypass Authentication and become Admin
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] A SQL IN ##J ##EC ##T ION vulnerability in Sourcecodester Simple Food Website 1 . 0 allows a remote attacker to Bypass Authentication and become Admin . [SEP]
LRP (+Pred, pos-only)
[CLS] A SQL IN ##J ##EC ##T ION vulnerability in Sourcecodester Simple Food Website 1 . 0 allows a remote attacker to Bypass Authentication and become Admin . [SEP]
LIME (words)
A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and become Admin.
SHAP (words)
A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1. 0 allows a remote attacker to Bypass Authentication and become Admin
#16 · cve_id CVE-2023-35161 · c
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
IG (subwords)
XWiki Plat ▁form ▁is ▁a ▁generic wiki ▁platform ▁offering runtime ▁services ▁for ▁applications ▁built ▁on ▁top ▁of ▁it . User s ▁are ▁able ▁to ▁for ge ▁an URL ▁with ▁a ▁payload ▁allowing ▁to inject Javascript ▁in ▁the ▁page ( XSS ) . ▁It ' s ▁po ssi ble ▁to ▁exploit ▁the Delete ▁Application ▁page ▁to ▁perform ▁a XSS e . g . ▁by ▁using URL ▁such ▁as : > ▁x wiki / bin / view / App With in Min ute s / Delete ▁Application ? app Name = Menu ▁& re solv e = true & x redirect ▁= javascript : al ert ( document . do main ) . ▁This ▁vulnerability ▁exists ▁since XWiki ▁6 . 2 - mile stone - 1 . ▁The ▁vulnerability ▁has ▁been patched ▁in XWiki ▁14 . 10 . 5 ▁and ▁15 . 1 - rc - 1 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the DeleteApplication page to perform a XSS e.g. by using URL such as: > xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.2-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
SHAP (words)
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page ( XSS). It' s possible to exploit the DeleteApplication page to perform a XSS e. g. by using URL such as: > xwiki/ bin/ view/ AppWithinMinutes/ DeleteApplication? appName= Menu& resolve= true& xredirect= javascript: alert( document. domain). This vulnerability exists since XWiki 6. 2- milestone- 1. The vulnerability has been patched in XWiki 14. 10. 5 and 15. 1- rc- 1
lrp-bert · Pred=LOW (1) · p=1.00 TP
IG (subwords)
[CLS] XWiki Plat form is a generic wiki platform offering runtime services for applications built on top of it . User s are able to forge an URL with a payload allowing to inject Javascript in the page ( XSS ) . It ' s p ##o ssi b ##le to exploit the Delete App l ##ica ##tion page to perform a XSS e . g . by using URL such as : > x wiki / bin / view / App Within ##M ##in ##utes / Delete App l ##ica ##tion ? app ##N ##ame = Menu & resolve = true & x redirect = javascript : alert ( document . domain ) . This vulnerability exists since XWiki 6 . 2 - milestone - 1 . The vulnerability has been patched in XWiki 14 . 10 . 5 and 15 . 1 - r ##c - 1 . [SEP]
LRP (+Pred, pos-only)
[CLS] XWiki Plat form is a generic wiki platform offering runtime services for applications built on top of it . User s are able to forge an URL with a payload allowing to inject Javascript in the page ( XSS ) . It ' s p ##o ssi b ##le to exploit the Delete App l ##ica ##tion page to perform a XSS e . g . by using URL such as : > x wiki / bin / view / App Within ##M ##in ##utes / Delete App l ##ica ##tion ? app ##N ##ame = Menu & resolve = true & x redirect = javascript : alert ( document . domain ) . This vulnerability exists since XWiki 6 . 2 - milestone - 1 . The vulnerability has been patched in XWiki 14 . 10 . 5 and 15 . 1 - r ##c - 1 . [SEP]
LIME (words)
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the DeleteApplication page to perform a XSS e.g. by using URL such as: > xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.2-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
SHAP (words)
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page ( XSS). It' s possible to exploit the DeleteApplication page to perform a XSS e. g. by using URL such as: > xwiki/ bin/ view/ AppWithinMinutes/ DeleteApplication? appName= Menu& resolve= true& xredirect= javascript: alert( document. domain). This vulnerability exists since XWiki 6. 2- milestone- 1. The vulnerability has been patched in XWiki 14. 10. 5 and 15. 1- rc- 1
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
IG (subwords)
[CLS] XWiki Plat form is a generic wiki platform offering runtime services for applications built on top of it . User s are able to forge an URL with a payload allowing to inject Javascript in the page ( XSS ) . It ' s p ##o ssi b ##le to exploit the Delete App l ##ica ##tion page to perform a XSS e . g . by using URL such as : > x wiki / bin / view / App Within ##M ##in ##utes / Delete App l ##ica ##tion ? app ##N ##ame = Menu & resolve = true & x redirect = javascript : alert ( document . domain ) . This vulnerability exists since XWiki 6 . 2 - milestone - 1 . The vulnerability has been patched in XWiki 14 . 10 . 5 and 15 . 1 - r ##c - 1 . [SEP]
LRP (+Pred, pos-only)
[CLS] XWiki Plat form is a generic wiki platform offering runtime services for applications built on top of it . User s are able to forge an URL with a payload allowing to inject Javascript in the page ( XSS ) . It ' s p ##o ssi b ##le to exploit the Delete App l ##ica ##tion page to perform a XSS e . g . by using URL such as : > x wiki / bin / view / App Within ##M ##in ##utes / Delete App l ##ica ##tion ? app ##N ##ame = Menu & resolve = true & x redirect = javascript : alert ( document . domain ) . This vulnerability exists since XWiki 6 . 2 - milestone - 1 . The vulnerability has been patched in XWiki 14 . 10 . 5 and 15 . 1 - r ##c - 1 . [SEP]
LIME (words)
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the DeleteApplication page to perform a XSS e.g. by using URL such as: > xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.2-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
SHAP (words)
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page ( XSS). It' s possible to exploit the DeleteApplication page to perform a XSS e. g. by using URL such as: > xwiki/ bin/ view/ AppWithinMinutes/ DeleteApplication? appName= Menu& resolve= true& xredirect= javascript: alert( document. domain). This vulnerability exists since XWiki 6. 2- milestone- 1. The vulnerability has been patched in XWiki 14. 10. 5 and 15. 1- rc- 1
#17 · cve_id CVE-2023-41068 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁access ▁issue ▁was ▁addressed ▁with ▁improved ▁access ▁restrictions . ▁This ▁issue ▁is ▁fixed ▁in tvOS ▁17 ▁iOS ▁17 ▁and iPadOS ▁17 watchOS ▁10 ▁iOS ▁16 . 7 ▁and iPadOS ▁16 . 7 . ▁A ▁user ▁may ▁be ▁able ▁to elevate ▁privileges . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17 iOS 17 and iPadOS 17 watchOS 10 iOS 16.7 and iPadOS 16.7. A user may be able to elevate privileges.
SHAP (words)
An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17 iOS 17 and iPadOS 17 watchOS 10 iOS 16. 7 and iPadOS 16. 7. A user may be able to elevate privileges
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An access issue was addressed with improved access restrictions . This issue is fixed in tvOS 17 iOS 17 and iPadOS 17 watchOS 10 iOS 16 . 7 and iPadOS 16 . 7 . A user may be able to elevate privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] An access issue was addressed with improved access restrictions . This issue is fixed in tvOS 17 iOS 17 and iPadOS 17 watchOS 10 iOS 16 . 7 and iPadOS 16 . 7 . A user may be able to elevate privileges . [SEP]
LIME (words)
An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17 iOS 17 and iPadOS 17 watchOS 10 iOS 16.7 and iPadOS 16.7. A user may be able to elevate privileges.
SHAP (words)
An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17 iOS 17 and iPadOS 17 watchOS 10 iOS 16. 7 and iPadOS 16. 7. A user may be able to elevate privileges
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An access issue was addressed with improved access restrictions . This issue is fixed in tvOS 17 iOS 17 and iPadOS 17 watchOS 10 iOS 16 . 7 and iPadOS 16 . 7 . A user may be able to elevate privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] An access issue was addressed with improved access restrictions . This issue is fixed in tvOS 17 iOS 17 and iPadOS 17 watchOS 10 iOS 16 . 7 and iPadOS 16 . 7 . A user may be able to elevate privileges . [SEP]
LIME (words)
An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17 iOS 17 and iPadOS 17 watchOS 10 iOS 16.7 and iPadOS 16.7. A user may be able to elevate privileges.
SHAP (words)
An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17 iOS 17 and iPadOS 17 watchOS 10 iOS 16. 7 and iPadOS 16. 7. A user may be able to elevate privileges
#18 · cve_id CVE-2022-30714 · c
GT=LOW (1)
xlnet · Pred=LOW (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In for matio n ▁exposure ▁vulnerability ▁in ▁Sem I WC Mon itor ▁prior ▁to SMR ▁Jun - 20 22 ▁Release ▁1 ▁allows ▁local ▁attackers ▁to ▁get MAC ▁address ▁in for matio n . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
SHAP (words)
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun- 2022 Release 1 allows local attackers to get MAC address information
lrp-bert · Pred=LOW (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In ##fo ##r matio n exposure vulnerability in Se ##m ##I ##W CM on ##itor prior to SMR Jun - 202 ##2 Release 1 allows local attackers to get MAC address info ##r matio n . [SEP]
LRP (+Pred, pos-only)
[CLS] In ##fo ##r matio n exposure vulnerability in Se ##m ##I ##W CM on ##itor prior to SMR Jun - 202 ##2 Release 1 allows local attackers to get MAC address info ##r matio n . [SEP]
LIME (words)
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
SHAP (words)
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun- 2022 Release 1 allows local attackers to get MAC address information
lrp-distilbert · Pred=LOW (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In ##fo ##r matio n exposure vulnerability in Se ##m ##I ##W CM on ##itor prior to SMR Jun - 202 ##2 Release 1 allows local attackers to get MAC address info ##r matio n . [SEP]
LRP (+Pred, pos-only)
[CLS] In ##fo ##r matio n exposure vulnerability in Se ##m ##I ##W CM on ##itor prior to SMR Jun - 202 ##2 Release 1 allows local attackers to get MAC address info ##r matio n . [SEP]
LIME (words)
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
SHAP (words)
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun- 2022 Release 1 allows local attackers to get MAC address information
#19 · cve_id CVE-2022-47861 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Lead Manage ment ▁System ▁v 1 . 0 ▁is ▁vulnerable ▁to SQL Injection ▁via ▁the id param eter ▁in ▁remove Le ad . php . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php.
SHAP (words)
Lead Management System v1. 0 is vulnerable to SQL Injection via the id parameter in removeLead. php
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Lead Manage men ##t System v ##1 . 0 is vulnerable to SQL Injection via the id param et ##er in remove ##L ##ead . php . [SEP]
LRP (+Pred, pos-only)
[CLS] Lead Manage men ##t System v ##1 . 0 is vulnerable to SQL Injection via the id param et ##er in remove ##L ##ead . php . [SEP]
LIME (words)
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php.
SHAP (words)
Lead Management System v1. 0 is vulnerable to SQL Injection via the id parameter in removeLead. php
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Lead Manage men ##t System v ##1 . 0 is vulnerable to SQL Injection via the id param et ##er in remove ##L ##ead . php . [SEP]
LRP (+Pred, pos-only)
[CLS] Lead Manage men ##t System v ##1 . 0 is vulnerable to SQL Injection via the id param et ##er in remove ##L ##ead . php . [SEP]
LIME (words)
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php.
SHAP (words)
Lead Management System v1. 0 is vulnerable to SQL Injection via the id parameter in removeLead. php
#20 · cve_id CVE-2022-29594 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
e G ▁Agent ▁before ▁7 . 2 ▁has ▁weak ▁file permissions ▁that ▁enable escalation ▁of ▁privileges ▁to SYSTEM . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM.
SHAP (words)
eG Agent before 7. 2 has weak file permissions that enable escalation of privileges to SYSTEM
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] e ##G Agent before 7 . 2 has weak file permissions that enable escalation of privileges to SYSTEM . [SEP]
LRP (+Pred, pos-only)
[CLS] e ##G Agent before 7 . 2 has weak file permissions that enable escalation of privileges to SYSTEM . [SEP]
LIME (words)
eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM.
SHAP (words)
eG Agent before 7. 2 has weak file permissions that enable escalation of privileges to SYSTEM
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] e ##G Agent before 7 . 2 has weak file permissions that enable escalation of privileges to SYSTEM . [SEP]
LRP (+Pred, pos-only)
[CLS] e ##G Agent before 7 . 2 has weak file permissions that enable escalation of privileges to SYSTEM . [SEP]
LIME (words)
eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM.
SHAP (words)
eG Agent before 7. 2 has weak file permissions that enable escalation of privileges to SYSTEM
#21 · cve_id CVE-2023-40315 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In ▁Open M NS ▁Horizon ▁31 . 0 . 8 ▁and ▁versions ▁earlier ▁than ▁32 . 0 . 2 ▁and ▁related ▁Meridian ▁versions ▁any ▁user ▁that ▁has ▁the ▁R OLE ▁_ FIL E SYSTEM ▁_ EDIT OR ▁can ▁easily escalate ▁their ▁privileges ▁to ▁R OLE ▁_ ADM ▁IN ▁or ▁any ▁other ▁role . ▁The ▁solution ▁is ▁to ▁upgrade ▁to ▁Meridian ▁20 23 . 1 . 5 ▁or ▁Horizon ▁32 . 0 . 2 ▁or ▁newer . ▁Meridian ▁and ▁Horizon ▁installation ▁instructions ▁state ▁that ▁they ▁are ▁intended ▁for ▁installation ▁within ▁an ▁organization ' s ▁private ▁networks ▁and ▁should ▁not ▁be ▁directly acce ssi ble ▁from ▁the ▁Internet . ▁Open NMS ▁thanks ▁Erik ▁Wy n ter ▁for ▁reporting ▁this ▁issue . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue.
SHAP (words)
In OpenMNS Horizon 31. 0. 8 and versions earlier than 32. 0. 2 and related Meridian versions any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role.  The solution is to upgrade to Meridian 2023. 1. 5 or Horizon 32. 0. 2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization' s private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In Open ##M NS Horizon 31 . 0 . 8 and versions earlier than 32 . 0 . 2 and related Meridian versions any user that has the R OLE _ F ##I LE SYSTEM _ E ##DI ##TO ##R can easily escalate their privileges to R OLE _ ADM IN or any other role . The solution is to upgrade to Meridian 202 ##3 . 1 . 5 or Horizon 32 . 0 . 2 or newer . Meridian and Horizon installation in struct ions state that they are int ended for installation within an organization ' s private networks and should not be directly a ##cc ##e ssi b ##le from the Internet . Open NMS thanks Erik W ##yn ##ter for reporting this issue . [SEP]
LRP (+Pred, pos-only)
[CLS] In Open ##M NS Horizon 31 . 0 . 8 and versions earlier than 32 . 0 . 2 and related Meridian versions any user that has the R OLE _ F ##I LE SYSTEM _ E ##DI ##TO ##R can easily escalate their privileges to R OLE _ ADM IN or any other role . The solution is to upgrade to Meridian 202 ##3 . 1 . 5 or Horizon 32 . 0 . 2 or newer . Meridian and Horizon installation in struct ions state that they are int ended for installation within an organization ' s private networks and should not be directly a ##cc ##e ssi b ##le from the Internet . Open NMS thanks Erik W ##yn ##ter for reporting this issue . [SEP]
LIME (words)
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue.
SHAP (words)
In OpenMNS Horizon 31. 0. 8 and versions earlier than 32. 0. 2 and related Meridian versions any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role.  The solution is to upgrade to Meridian 2023. 1. 5 or Horizon 32. 0. 2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization' s private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In Open ##M NS Horizon 31 . 0 . 8 and versions earlier than 32 . 0 . 2 and related Meridian versions any user that has the R OLE _ F ##I LE SYSTEM _ E ##DI ##TO ##R can easily escalate their privileges to R OLE _ ADM IN or any other role . The solution is to upgrade to Meridian 202 ##3 . 1 . 5 or Horizon 32 . 0 . 2 or newer . Meridian and Horizon installation in struct ions state that they are int ended for installation within an organization ' s private networks and should not be directly a ##cc ##e ssi b ##le from the Internet . Open NMS thanks Erik W ##yn ##ter for reporting this issue . [SEP]
LRP (+Pred, pos-only)
[CLS] In Open ##M NS Horizon 31 . 0 . 8 and versions earlier than 32 . 0 . 2 and related Meridian versions any user that has the R OLE _ F ##I LE SYSTEM _ E ##DI ##TO ##R can easily escalate their privileges to R OLE _ ADM IN or any other role . The solution is to upgrade to Meridian 202 ##3 . 1 . 5 or Horizon 32 . 0 . 2 or newer . Meridian and Horizon installation in struct ions state that they are int ended for installation within an organization ' s private networks and should not be directly a ##cc ##e ssi b ##le from the Internet . Open NMS thanks Erik W ##yn ##ter for reporting this issue . [SEP]
LIME (words)
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue.
SHAP (words)
In OpenMNS Horizon 31. 0. 8 and versions earlier than 32. 0. 2 and related Meridian versions any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role.  The solution is to upgrade to Meridian 2023. 1. 5 or Horizon 32. 0. 2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization' s private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue
#22 · cve_id CVE-2023-4749 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁which ▁was cla ssi fi ed ▁as ▁critical ▁was ▁found ▁in SourceCodester Inventory Manage ment ▁System ▁1 . 0 . Affected ▁is ▁an ▁unknown ▁function ▁of ▁the ▁file ▁index . php . ▁The ▁manipulation ▁of ▁the ▁argument ▁page ▁leads ▁to ▁file ▁inclusion . ▁It ▁is ▁po ssi ble ▁to ▁launch ▁the ▁attack ▁remotely . ▁The ▁exploit ▁has ▁been disclose d ▁to ▁the ▁public ▁and ▁may ▁be ▁used . ▁V DB - 23 86 38 ▁is ▁the identifier ▁a ssi gne d ▁to ▁this ▁vulnerability . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability which was classified as critical was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability.
SHAP (words)
A vulnerability which was classified as critical was found in SourceCodester Inventory Management System 1. 0. Affected is an unknown function of the file index. php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB- 238638 is the identifier assigned to this vulnerability
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability which was c ##la ssi fi ##ed as critical was found in SourceCodester Inventory Manage men ##t System 1 . 0 . Affected is an unknown function of the file index . php . The man ip ul ##ation of the argument page leads to file inclusion . It is p ##o ssi b ##le to launch the attack remotely . The exploit has been disclose d to the public and may be used . V ##D ##B - 238 ##6 ##38 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability which was c ##la ssi fi ##ed as critical was found in SourceCodester Inventory Manage men ##t System 1 . 0 . Affected is an unknown function of the file index . php . The man ip ul ##ation of the argument page leads to file inclusion . It is p ##o ssi b ##le to launch the attack remotely . The exploit has been disclose d to the public and may be used . V ##D ##B - 238 ##6 ##38 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LIME (words)
A vulnerability which was classified as critical was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability.
SHAP (words)
A vulnerability which was classified as critical was found in SourceCodester Inventory Management System 1. 0. Affected is an unknown function of the file index. php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB- 238638 is the identifier assigned to this vulnerability
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability which was c ##la ssi fi ##ed as critical was found in SourceCodester Inventory Manage men ##t System 1 . 0 . Affected is an unknown function of the file index . php . The man ip ul ##ation of the argument page leads to file inclusion . It is p ##o ssi b ##le to launch the attack remotely . The exploit has been disclose d to the public and may be used . V ##D ##B - 238 ##6 ##38 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability which was c ##la ssi fi ##ed as critical was found in SourceCodester Inventory Manage men ##t System 1 . 0 . Affected is an unknown function of the file index . php . The man ip ul ##ation of the argument page leads to file inclusion . It is p ##o ssi b ##le to launch the attack remotely . The exploit has been disclose d to the public and may be used . V ##D ##B - 238 ##6 ##38 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LIME (words)
A vulnerability which was classified as critical was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability.
SHAP (words)
A vulnerability which was classified as critical was found in SourceCodester Inventory Management System 1. 0. Affected is an unknown function of the file index. php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB- 238638 is the identifier assigned to this vulnerability
#23 · cve_id CVE-2023-39963 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Nextcloud ▁Server ▁provides ▁data ▁storage ▁for Nextcloud ▁an ▁open ▁source ▁cloud ▁platform . ▁Starting ▁in ▁version ▁20 . 0 . 0 ▁and ▁prior ▁to ▁versions ▁20 . 0 . 14 . 15 ▁21 . 0 . 9 . 13 ▁22 . 2 . 10 . 14 ▁23 . 0 . 12 . 8 ▁24 . 0 . 12 . 5 ▁25 . 0 . 9 ▁26 . 0 . 4 ▁and ▁27 . 0 . 1 ▁a ▁mi ssi ng ▁password ▁con fir matio n ▁allowed ▁an ▁attacker ▁after ▁successfully ▁stealing ▁a se ssi ▁on ▁from ▁a ▁logged ▁in ▁user ▁to ▁create ▁app passwords ▁for ▁the ▁victim . Nextcloud ▁server ▁versions ▁25 . 0 . 9 ▁26 . 0 . 4 ▁and ▁27 . 0 . 1 ▁and Nextcloud ▁Enterprise ▁Server ▁versions ▁20 . 0 . 14 . 15 ▁21 . 0 . 9 . 13 ▁22 . 2 . 10 . 14 ▁23 . 0 . 12 . 9 ▁24 . 0 . 12 . 5 ▁25 . 0 . 9 ▁26 . 0 . 4 ▁and ▁27 . 0 . 1 ▁contain ▁a ▁patch ▁for ▁this ▁issue . ▁No ▁known workarounds ▁are ▁available . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Nextcloud Server provides data storage for Nextcloud an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15 21.0.9.13 22.2.10.14 23.0.12.8 24.0.12.5 25.0.9 26.0.4 and 27.0.1 a missing password confirmation allowed an attacker after successfully stealing a session from a logged in user to create app passwords for the victim. Nextcloud server versions 25.0.9 26.0.4 and 27.0.1 and Nextcloud Enterprise Server versions 20.0.14.15 21.0.9.13 22.2.10.14 23.0.12.9 24.0.12.5 25.0.9 26.0.4 and 27.0.1 contain a patch for this issue. No known workarounds are available.
SHAP (words)
Nextcloud Server provides data storage for Nextcloud an open source cloud platform. Starting in version 20. 0. 0 and prior to versions 20. 0. 14. 15 21. 0. 9. 13 22. 2. 10. 14 23. 0. 12. 8 24. 0. 12. 5 25. 0. 9 26. 0. 4 and 27. 0. 1 a missing password confirmation allowed an attacker after successfully stealing a session from a logged in user to create app passwords for the victim. Nextcloud server versions 25. 0. 9 26. 0. 4 and 27. 0. 1 and Nextcloud Enterprise Server versions 20. 0. 14. 15 21. 0. 9. 13 22. 2. 10. 14 23. 0. 12. 9 24. 0. 12. 5 25. 0. 9 26. 0. 4 and 27. 0. 1 contain a patch for this issue. No known workarounds are available
lrp-bert · Pred=HIGH (2) · p=0.66 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Nextcloud Server provides data storage for Nextcloud an open source cloud platform . S tar tin ##g in version 20 . 0 . 0 and prior to versions 20 . 0 . 14 . 15 21 . 0 . 9 . 13 22 . 2 . 10 . 14 23 . 0 . 12 . 8 24 . 0 . 12 . 5 25 . 0 . 9 26 . 0 . 4 and 27 . 0 . 1 a mi ssi ng password con ##fi ##r matio n allowed an attacker after successfully stealing a se ssi on from a logged in user to create app passwords for the victim . Nextcloud server versions 25 . 0 . 9 26 . 0 . 4 and 27 . 0 . 1 and Nextcloud Enterprise Server versions 20 . 0 . 14 . 15 21 . 0 . 9 . 13 22 . 2 . 10 . 14 23 . 0 . 12 . 9 24 . 0 . 12 . 5 25 . 0 . 9 26 . 0 . 4 and 27 . 0 . 1 contain a patch for this issue . No known workarounds are available . [SEP]
LRP (+Pred, pos-only)
[CLS] Nextcloud Server provides data storage for Nextcloud an open source cloud platform . S tar tin ##g in version 20 . 0 . 0 and prior to versions 20 . 0 . 14 . 15 21 . 0 . 9 . 13 22 . 2 . 10 . 14 23 . 0 . 12 . 8 24 . 0 . 12 . 5 25 . 0 . 9 26 . 0 . 4 and 27 . 0 . 1 a mi ssi ng password con ##fi ##r matio n allowed an attacker after successfully stealing a se ssi on from a logged in user to create app passwords for the victim . Nextcloud server versions 25 . 0 . 9 26 . 0 . 4 and 27 . 0 . 1 and Nextcloud Enterprise Server versions 20 . 0 . 14 . 15 21 . 0 . 9 . 13 22 . 2 . 10 . 14 23 . 0 . 12 . 9 24 . 0 . 12 . 5 25 . 0 . 9 26 . 0 . 4 and 27 . 0 . 1 contain a patch for this issue . No known workarounds are available . [SEP]
LIME (words)
Nextcloud Server provides data storage for Nextcloud an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15 21.0.9.13 22.2.10.14 23.0.12.8 24.0.12.5 25.0.9 26.0.4 and 27.0.1 a missing password confirmation allowed an attacker after successfully stealing a session from a logged in user to create app passwords for the victim. Nextcloud server versions 25.0.9 26.0.4 and 27.0.1 and Nextcloud Enterprise Server versions 20.0.14.15 21.0.9.13 22.2.10.14 23.0.12.9 24.0.12.5 25.0.9 26.0.4 and 27.0.1 contain a patch for this issue. No known workarounds are available.
SHAP (words)
Nextcloud Server provides data storage for Nextcloud an open source cloud platform. Starting in version 20. 0. 0 and prior to versions 20. 0. 14. 15 21. 0. 9. 13 22. 2. 10. 14 23. 0. 12. 8 24. 0. 12. 5 25. 0. 9 26. 0. 4 and 27. 0. 1 a missing password confirmation allowed an attacker after successfully stealing a session from a logged in user to create app passwords for the victim. Nextcloud server versions 25. 0. 9 26. 0. 4 and 27. 0. 1 and Nextcloud Enterprise Server versions 20. 0. 14. 15 21. 0. 9. 13 22. 2. 10. 14 23. 0. 12. 9 24. 0. 12. 5 25. 0. 9 26. 0. 4 and 27. 0. 1 contain a patch for this issue. No known workarounds are available
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Nextcloud Server provides data storage for Nextcloud an open source cloud platform . S tar tin ##g in version 20 . 0 . 0 and prior to versions 20 . 0 . 14 . 15 21 . 0 . 9 . 13 22 . 2 . 10 . 14 23 . 0 . 12 . 8 24 . 0 . 12 . 5 25 . 0 . 9 26 . 0 . 4 and 27 . 0 . 1 a mi ssi ng password con ##fi ##r matio n allowed an attacker after successfully stealing a se ssi on from a logged in user to create app passwords for the victim . Nextcloud server versions 25 . 0 . 9 26 . 0 . 4 and 27 . 0 . 1 and Nextcloud Enterprise Server versions 20 . 0 . 14 . 15 21 . 0 . 9 . 13 22 . 2 . 10 . 14 23 . 0 . 12 . 9 24 . 0 . 12 . 5 25 . 0 . 9 26 . 0 . 4 and 27 . 0 . 1 contain a patch for this issue . No known workarounds are available . [SEP]
LRP (+Pred, pos-only)
[CLS] Nextcloud Server provides data storage for Nextcloud an open source cloud platform . S tar tin ##g in version 20 . 0 . 0 and prior to versions 20 . 0 . 14 . 15 21 . 0 . 9 . 13 22 . 2 . 10 . 14 23 . 0 . 12 . 8 24 . 0 . 12 . 5 25 . 0 . 9 26 . 0 . 4 and 27 . 0 . 1 a mi ssi ng password con ##fi ##r matio n allowed an attacker after successfully stealing a se ssi on from a logged in user to create app passwords for the victim . Nextcloud server versions 25 . 0 . 9 26 . 0 . 4 and 27 . 0 . 1 and Nextcloud Enterprise Server versions 20 . 0 . 14 . 15 21 . 0 . 9 . 13 22 . 2 . 10 . 14 23 . 0 . 12 . 9 24 . 0 . 12 . 5 25 . 0 . 9 26 . 0 . 4 and 27 . 0 . 1 contain a patch for this issue . No known workarounds are available . [SEP]
LIME (words)
Nextcloud Server provides data storage for Nextcloud an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15 21.0.9.13 22.2.10.14 23.0.12.8 24.0.12.5 25.0.9 26.0.4 and 27.0.1 a missing password confirmation allowed an attacker after successfully stealing a session from a logged in user to create app passwords for the victim. Nextcloud server versions 25.0.9 26.0.4 and 27.0.1 and Nextcloud Enterprise Server versions 20.0.14.15 21.0.9.13 22.2.10.14 23.0.12.9 24.0.12.5 25.0.9 26.0.4 and 27.0.1 contain a patch for this issue. No known workarounds are available.
SHAP (words)
Nextcloud Server provides data storage for Nextcloud an open source cloud platform. Starting in version 20. 0. 0 and prior to versions 20. 0. 14. 15 21. 0. 9. 13 22. 2. 10. 14 23. 0. 12. 8 24. 0. 12. 5 25. 0. 9 26. 0. 4 and 27. 0. 1 a missing password confirmation allowed an attacker after successfully stealing a session from a logged in user to create app passwords for the victim. Nextcloud server versions 25. 0. 9 26. 0. 4 and 27. 0. 1 and Nextcloud Enterprise Server versions 20. 0. 14. 15 21. 0. 9. 13 22. 2. 10. 14 23. 0. 12. 9 24. 0. 12. 5 25. 0. 9 26. 0. 4 and 27. 0. 1 contain a patch for this issue. No known workarounds are available
#24 · cve_id CVE-2020-26713 · c
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
REDCap ▁10 . 3 . 4 ▁contains ▁a XSS ▁vulnerability ▁in ▁the ▁To Do L ist ▁function ▁with param eter ▁sort . ▁The ▁in for matio n ▁submitted ▁by ▁the ▁user ▁is ▁immediately ▁returned ▁in ▁the ▁response ▁and ▁not e sc ▁a ped ▁leading ▁to ▁the ▁reflected XSS ▁vulnerability . Attackers ▁can ▁exploit vulnerabilities ▁to ▁steal login se ssi ▁on ▁in for matio n ▁or ▁borrow ▁user ▁rights ▁to ▁perform unauthorized ▁acts . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login session information or borrow user rights to perform unauthorized acts.
SHAP (words)
REDCap 10. 3. 4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login session information or borrow user rights to perform unauthorized acts
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] REDCap 10 . 3 . 4 contains a XSS vulnerability in the To ##D ##o ##L ##ist function with param et ##er sort . The info ##r matio n submitted by the user is immediately returned in the response and not e sc a ##ped leading to the reflected XSS vulnerability . Attackers can exploit vulnerabilities to steal login se ssi on info ##r matio n or borrow user rights to perform unauthorized acts . [SEP]
LRP (+Pred, pos-only)
[CLS] REDCap 10 . 3 . 4 contains a XSS vulnerability in the To ##D ##o ##L ##ist function with param et ##er sort . The info ##r matio n submitted by the user is immediately returned in the response and not e sc a ##ped leading to the reflected XSS vulnerability . Attackers can exploit vulnerabilities to steal login se ssi on info ##r matio n or borrow user rights to perform unauthorized acts . [SEP]
LIME (words)
REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login session information or borrow user rights to perform unauthorized acts.
SHAP (words)
REDCap 10. 3. 4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login session information or borrow user rights to perform unauthorized acts
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] REDCap 10 . 3 . 4 contains a XSS vulnerability in the To ##D ##o ##L ##ist function with param et ##er sort . The info ##r matio n submitted by the user is immediately returned in the response and not e sc a ##ped leading to the reflected XSS vulnerability . Attackers can exploit vulnerabilities to steal login se ssi on info ##r matio n or borrow user rights to perform unauthorized acts . [SEP]
LRP (+Pred, pos-only)
[CLS] REDCap 10 . 3 . 4 contains a XSS vulnerability in the To ##D ##o ##L ##ist function with param et ##er sort . The info ##r matio n submitted by the user is immediately returned in the response and not e sc a ##ped leading to the reflected XSS vulnerability . Attackers can exploit vulnerabilities to steal login se ssi on info ##r matio n or borrow user rights to perform unauthorized acts . [SEP]
LIME (words)
REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login session information or borrow user rights to perform unauthorized acts.
SHAP (words)
REDCap 10. 3. 4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login session information or borrow user rights to perform unauthorized acts
#25 · cve_id CVE-2015-10015 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁which ▁was cla ssi fi ed ▁as ▁critical ▁has ▁been ▁found ▁in ▁glider net og n - live . ▁This ▁issue ▁affects ▁some ▁unknown ▁pro ce ssi ng . ▁The ▁manipulation ▁leads ▁to sql inject ion . ▁The ▁patch ▁is ▁named bc 0 f 1996 5 f 76 05 87 64 55 83 b 76 24 d 66 a 26 09 46 e 01 . ▁It ▁is ▁recommended ▁to ▁apply ▁a ▁patch ▁to ▁fix ▁this ▁issue . ▁The ▁associated identifier ▁of ▁this ▁vulnerability ▁is ▁V DB - 21 74 87 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability which was classified as critical has been found in glidernet ogn-live. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named bc0f19965f760587645583b7624d66a260946e01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217487.
SHAP (words)
A vulnerability which was classified as critical has been found in glidernet ogn- live. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named bc0f19965f760587645583b7624d66a260946e01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB- 217487
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability which was c ##la ssi fi ##ed as critical has been found in glider ##net og ##n - live . This issue affects some unknown pro ##ce ssi ng . The man ip ul ##ation leads to sql inject ion . The patch is named b ##c ##0 ##f ##19 ##9 ##65 ##f ##7 ##60 ##5 ##8 ##7 ##64 ##55 ##8 ##3 ##b ##7 ##6 ##24 ##d ##6 ##6 ##a ##26 ##0 ##9 ##46 ##e ##01 . It is recommended to apply a patch to fix this issue . The associated identifier of this vulnerability is V ##D ##B - 217 ##48 ##7 . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability which was c ##la ssi fi ##ed as critical has been found in glider ##net og ##n - live . This issue affects some unknown pro ##ce ssi ng . The man ip ul ##ation leads to sql inject ion . The patch is named b ##c ##0 ##f ##19 ##9 ##65 ##f ##7 ##60 ##5 ##8 ##7 ##64 ##55 ##8 ##3 ##b ##7 ##6 ##24 ##d ##6 ##6 ##a ##26 ##0 ##9 ##46 ##e ##01 . It is recommended to apply a patch to fix this issue . The associated identifier of this vulnerability is V ##D ##B - 217 ##48 ##7 . [SEP]
LIME (words)
A vulnerability which was classified as critical has been found in glidernet ogn-live. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named bc0f19965f760587645583b7624d66a260946e01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217487.
SHAP (words)
A vulnerability which was classified as critical has been found in glidernet ogn- live. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named bc0f19965f760587645583b7624d66a260946e01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB- 217487
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability which was c ##la ssi fi ##ed as critical has been found in glider ##net og ##n - live . This issue affects some unknown pro ##ce ssi ng . The man ip ul ##ation leads to sql inject ion . The patch is named b ##c ##0 ##f ##19 ##9 ##65 ##f ##7 ##60 ##5 ##8 ##7 ##64 ##55 ##8 ##3 ##b ##7 ##6 ##24 ##d ##6 ##6 ##a ##26 ##0 ##9 ##46 ##e ##01 . It is recommended to apply a patch to fix this issue . The associated identifier of this vulnerability is V ##D ##B - 217 ##48 ##7 . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability which was c ##la ssi fi ##ed as critical has been found in glider ##net og ##n - live . This issue affects some unknown pro ##ce ssi ng . The man ip ul ##ation leads to sql inject ion . The patch is named b ##c ##0 ##f ##19 ##9 ##65 ##f ##7 ##60 ##5 ##8 ##7 ##64 ##55 ##8 ##3 ##b ##7 ##6 ##24 ##d ##6 ##6 ##a ##26 ##0 ##9 ##46 ##e ##01 . It is recommended to apply a patch to fix this issue . The associated identifier of this vulnerability is V ##D ##B - 217 ##48 ##7 . [SEP]
LIME (words)
A vulnerability which was classified as critical has been found in glidernet ogn-live. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named bc0f19965f760587645583b7624d66a260946e01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217487.
SHAP (words)
A vulnerability which was classified as critical has been found in glidernet ogn- live. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named bc0f19965f760587645583b7624d66a260946e01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB- 217487
#26 · cve_id CVE-2021-32475 · c
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁ID ▁numbers ▁displayed ▁in ▁the quiz ▁grading ▁report ▁required ▁additional sanitizing ▁to ▁prevent ▁a ▁stored XSS ▁risk . Moodle ▁3 . 10 ▁to ▁3 . 10 . 3 ▁3 . 9 ▁to ▁3 . 9 . 6 ▁3 . 8 ▁to ▁3 . 8 . 8 ▁3 . 5 ▁to ▁3 . 5 . 17 ▁and ▁earlier unsupported ▁versions ▁are ▁affected . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3 3.9 to 3.9.6 3.8 to 3.8.8 3.5 to 3.5.17 and earlier unsupported versions are affected.
SHAP (words)
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3. 10 to 3. 10. 3 3. 9 to 3. 9. 6 3. 8 to 3. 8. 8 3. 5 to 3. 5. 17 and earlier unsupported versions are affected
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] ID numbers displayed in the quiz g ##rading report required additional sanitizing to prevent a stored XSS risk . Moodle 3 . 10 to 3 . 10 . 3 3 . 9 to 3 . 9 . 6 3 . 8 to 3 . 8 . 8 3 . 5 to 3 . 5 . 17 and earlier unsupported versions are affected . [SEP]
LRP (+Pred, pos-only)
[CLS] ID numbers displayed in the quiz g ##rading report required additional sanitizing to prevent a stored XSS risk . Moodle 3 . 10 to 3 . 10 . 3 3 . 9 to 3 . 9 . 6 3 . 8 to 3 . 8 . 8 3 . 5 to 3 . 5 . 17 and earlier unsupported versions are affected . [SEP]
LIME (words)
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3 3.9 to 3.9.6 3.8 to 3.8.8 3.5 to 3.5.17 and earlier unsupported versions are affected.
SHAP (words)
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3. 10 to 3. 10. 3 3. 9 to 3. 9. 6 3. 8 to 3. 8. 8 3. 5 to 3. 5. 17 and earlier unsupported versions are affected
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] ID numbers displayed in the quiz g ##rading report required additional sanitizing to prevent a stored XSS risk . Moodle 3 . 10 to 3 . 10 . 3 3 . 9 to 3 . 9 . 6 3 . 8 to 3 . 8 . 8 3 . 5 to 3 . 5 . 17 and earlier unsupported versions are affected . [SEP]
LRP (+Pred, pos-only)
[CLS] ID numbers displayed in the quiz g ##rading report required additional sanitizing to prevent a stored XSS risk . Moodle 3 . 10 to 3 . 10 . 3 3 . 9 to 3 . 9 . 6 3 . 8 to 3 . 8 . 8 3 . 5 to 3 . 5 . 17 and earlier unsupported versions are affected . [SEP]
LIME (words)
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3 3.9 to 3.9.6 3.8 to 3.8.8 3.5 to 3.5.17 and earlier unsupported versions are affected.
SHAP (words)
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3. 10 to 3. 10. 3 3. 9 to 3. 9. 6 3. 8 to 3. 8. 8 3. 5 to 3. 5. 17 and earlier unsupported versions are affected
#27 · cve_id CVE-2019-14719 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Verifone MX 900 ▁series Pinpad Payment Terminals ▁with ▁OS ▁30 25 1000 ▁allow ▁multiple ▁arbitrary ▁command injections ▁as ▁demonstrated ▁by ▁the ▁file ▁manager . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections as demonstrated by the file manager.
SHAP (words)
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections as demonstrated by the file manager
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Verifone MX 900 series Pinpad Payment Terminals with OS 302 ##51 ##00 ##0 allow m ##ult ip le arbitrary command injections as demonstrated by the file manager . [SEP]
LRP (+Pred, pos-only)
[CLS] Verifone MX 900 series Pinpad Payment Terminals with OS 302 ##51 ##00 ##0 allow m ##ult ip le arbitrary command injections as demonstrated by the file manager . [SEP]
LIME (words)
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections as demonstrated by the file manager.
SHAP (words)
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections as demonstrated by the file manager
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Verifone MX 900 series Pinpad Payment Terminals with OS 302 ##51 ##00 ##0 allow m ##ult ip le arbitrary command injections as demonstrated by the file manager . [SEP]
LRP (+Pred, pos-only)
[CLS] Verifone MX 900 series Pinpad Payment Terminals with OS 302 ##51 ##00 ##0 allow m ##ult ip le arbitrary command injections as demonstrated by the file manager . [SEP]
LIME (words)
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections as demonstrated by the file manager.
SHAP (words)
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections as demonstrated by the file manager
#28 · cve_id CVE-2022-39301 · c
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
s ra - admin ▁is ▁a ▁background ▁rights ▁man a gem ent ▁system ▁that ▁separate s ▁the ▁front ▁and ▁back ▁end . s ra - admin ▁version ▁1 . 1 . 1 ▁has ▁a ▁storage cross-site scripting ( XSS ) ▁vulnerability . ▁After ▁logging ▁into ▁the s ra - admin ▁background ▁an ▁attacker ▁can upload ▁an html ▁page ▁containing xss ▁attack ▁code ▁in " Personal ▁Center " - " Pro file ▁Picture Upload " ▁allowing ▁theft ▁of ▁the ▁user ' s ▁personal ▁in for matio n . ▁This ▁issue ▁has ▁been patched ▁in ▁1 . 1 . 2 . ▁There ▁are ▁no ▁known workarounds . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background an attacker can upload an html page containing xss attack code in "Personal Center" - "Profile Picture Upload" allowing theft of the user's personal information. This issue has been patched in 1.1.2. There are no known workarounds.
SHAP (words)
sra- admin is a background rights management system that separates the front and back end. sra- admin version 1. 1. 1 has a storage cross- site scripting ( XSS) vulnerability. After logging into the sra- admin background an attacker can upload an html page containing xss attack code in " Personal Center" - " Profile Picture Upload" allowing theft of the user' s personal information. This issue has been patched in 1. 1. 2. There are no known workarounds
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] s ##ra - admin is a background rights man ##a gem en ##t system that separates the front and back end . s ##ra - admin version 1 . 1 . 1 has a storage cross-site scripting ( XSS ) vulnerability . After logging int o the s ##ra - admin background an attacker can upload an html page containing xss attack code in " Personal Center " - " Profile Picture Upload " allowing theft of the user ' s personal info ##r matio n . This issue has been patched in 1 . 1 . 2 . There are no known workarounds . [SEP]
LRP (+Pred, pos-only)
[CLS] s ##ra - admin is a background rights man ##a gem en ##t system that separates the front and back end . s ##ra - admin version 1 . 1 . 1 has a storage cross-site scripting ( XSS ) vulnerability . After logging int o the s ##ra - admin background an attacker can upload an html page containing xss attack code in " Personal Center " - " Profile Picture Upload " allowing theft of the user ' s personal info ##r matio n . This issue has been patched in 1 . 1 . 2 . There are no known workarounds . [SEP]
LIME (words)
sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background an attacker can upload an html page containing xss attack code in "Personal Center" - "Profile Picture Upload" allowing theft of the user's personal information. This issue has been patched in 1.1.2. There are no known workarounds.
SHAP (words)
sra- admin is a background rights management system that separates the front and back end. sra- admin version 1. 1. 1 has a storage cross- site scripting ( XSS) vulnerability. After logging into the sra- admin background an attacker can upload an html page containing xss attack code in " Personal Center" - " Profile Picture Upload" allowing theft of the user' s personal information. This issue has been patched in 1. 1. 2. There are no known workarounds
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] s ##ra - admin is a background rights man ##a gem en ##t system that separates the front and back end . s ##ra - admin version 1 . 1 . 1 has a storage cross-site scripting ( XSS ) vulnerability . After logging int o the s ##ra - admin background an attacker can upload an html page containing xss attack code in " Personal Center " - " Profile Picture Upload " allowing theft of the user ' s personal info ##r matio n . This issue has been patched in 1 . 1 . 2 . There are no known workarounds . [SEP]
LRP (+Pred, pos-only)
[CLS] s ##ra - admin is a background rights man ##a gem en ##t system that separates the front and back end . s ##ra - admin version 1 . 1 . 1 has a storage cross-site scripting ( XSS ) vulnerability . After logging int o the s ##ra - admin background an attacker can upload an html page containing xss attack code in " Personal Center " - " Profile Picture Upload " allowing theft of the user ' s personal info ##r matio n . This issue has been patched in 1 . 1 . 2 . There are no known workarounds . [SEP]
LIME (words)
sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background an attacker can upload an html page containing xss attack code in "Personal Center" - "Profile Picture Upload" allowing theft of the user's personal information. This issue has been patched in 1.1.2. There are no known workarounds.
SHAP (words)
sra- admin is a background rights management system that separates the front and back end. sra- admin version 1. 1. 1 has a storage cross- site scripting ( XSS) vulnerability. After logging into the sra- admin background an attacker can upload an html page containing xss attack code in " Personal Center" - " Profile Picture Upload" allowing theft of the user' s personal information. This issue has been patched in 1. 1. 2. There are no known workarounds
#29 · cve_id CVE-2024-24311 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Path Traversal ▁vulnerability ▁in ▁Line a ▁Graf ica " M ult i lingual ▁and ▁Multi store ▁Site map ▁Pro - SEO " ( l g site map s ) ▁module ▁for PrestaShop ▁before ▁version ▁1 . 6 . 6 ▁a ▁guest ▁can ▁download ▁personal ▁in for matio n ▁without ▁restriction . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6 a guest can download personal information without restriction.
SHAP (words)
Path Traversal vulnerability in Linea Grafica " Multilingual and Multistore Sitemap Pro - SEO" ( lgsitemaps) module for PrestaShop before version 1. 6. 6 a guest can download personal information without restriction
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Path Traversal vulnerability in Line ##a Graf ##ica " Multi ##ling ##ual and Multi ##sto ##re S ite map Pro - SEO " ( l ##gs ite maps ) mod ul ##e for PrestaShop before version 1 . 6 . 6 a guest can download personal info ##r matio n without restriction . [SEP]
LRP (+Pred, pos-only)
[CLS] Path Traversal vulnerability in Line ##a Graf ##ica " Multi ##ling ##ual and Multi ##sto ##re S ite map Pro - SEO " ( l ##gs ite maps ) mod ul ##e for PrestaShop before version 1 . 6 . 6 a guest can download personal info ##r matio n without restriction . [SEP]
LIME (words)
Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6 a guest can download personal information without restriction.
SHAP (words)
Path Traversal vulnerability in Linea Grafica " Multilingual and Multistore Sitemap Pro - SEO" ( lgsitemaps) module for PrestaShop before version 1. 6. 6 a guest can download personal information without restriction
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Path Traversal vulnerability in Line ##a Graf ##ica " Multi ##ling ##ual and Multi ##sto ##re S ite map Pro - SEO " ( l ##gs ite maps ) mod ul ##e for PrestaShop before version 1 . 6 . 6 a guest can download personal info ##r matio n without restriction . [SEP]
LRP (+Pred, pos-only)
[CLS] Path Traversal vulnerability in Line ##a Graf ##ica " Multi ##ling ##ual and Multi ##sto ##re S ite map Pro - SEO " ( l ##gs ite maps ) mod ul ##e for PrestaShop before version 1 . 6 . 6 a guest can download personal info ##r matio n without restriction . [SEP]
LIME (words)
Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6 a guest can download personal information without restriction.
SHAP (words)
Path Traversal vulnerability in Linea Grafica " Multilingual and Multistore Sitemap Pro - SEO" ( lgsitemaps) module for PrestaShop before version 1. 6. 6 a guest can download personal information without restriction
#30 · cve_id CVE-2021-29490 · c
GT=LOW (1)
xlnet · Pred=HIGH (2) · p=0.70 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Je lly fin ▁is ▁a ▁free ▁software ▁media ▁system ▁that ▁provides ▁media ▁from ▁a ▁dedicated ▁server ▁to end-user ▁devices ▁via ▁multiple ▁apps . ▁Ver ions ▁prior ▁to ▁10 . 7 . 3 ▁vulnerable ▁to unauthenticated Server-Side Request Forgery ( SSRF ) ▁attacks ▁via ▁the ▁image Ur l param eter . ▁This ▁issue ▁potentially exposes ▁both ▁internal ▁and ▁external HTTP ▁servers ▁or ▁other ▁resources ▁available ▁via HTTP ▁` GET ` ▁that ▁are ▁visible ▁from ▁the ▁Je lly fin ▁server . ▁The ▁vulnerability ▁is patched ▁in ▁version ▁10 . 7 . 3 . ▁As ▁a workaround disable ▁external ▁access ▁to ▁the ▁API endpoints ▁` / Item s / * / Remote ▁Image s / Download ▁` ▁` / Item s / Remote ▁Search / I m age ` ▁and ▁` / I m ages / Remote ▁` ▁via ▁reverse proxy ▁or ▁limit ▁to ▁known - friendly ▁IP s . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter. This issue potentially exposes both internal and external HTTP servers or other resources available via HTTP `GET` that are visible from the Jellyfin server. The vulnerability is patched in version 10.7.3. As a workaround disable external access to the API endpoints `/Items/*/RemoteImages/Download` `/Items/RemoteSearch/Image` and `/Images/Remote` via reverse proxy or limit to known-friendly IPs.
SHAP (words)
Jellyfin is a free software media system that provides media from a dedicated server to end- user devices via multiple apps. Verions prior to 10. 7. 3 vulnerable to unauthenticated Server- Side Request Forgery ( SSRF) attacks via the imageUrl parameter. This issue potentially exposes both internal and external HTTP servers or other resources available via HTTP ` GET` that are visible from the Jellyfin server. The vulnerability is patched in version 10. 7. 3. As a workaround disable external access to the API endpoints `/ Items/*/ RemoteImages/ Download` `/ Items/ RemoteSearch/ Image` and `/ Images/ Remote` via reverse proxy or limit to known- friendly IPs
lrp-bert · Pred=HIGH (2) · p=0.96 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Je ##lly ##fin is a free software media system that provides media from a dedicated server to end-user dev ice ##s via m ##ult ip le apps . Ver ions prior to 10 . 7 . 3 vulnerable to unauthenticated Server-Side Request Forgery ( SSRF ) attacks via the image ##U ##rl param et ##er . This issue potentially exposes bot h int er ##nal and external HTTP servers or other resources available via HTTP ` GET ` that are visible from the Je ##lly ##fin server . The vulnerability is patched in version 10 . 7 . 3 . As a workaround disable external access to the A PI endpoints ` / Item s / * / Remote Images / Download ` ` / Item s / Remote Search / Image ` and ` / Images / Remote ` via reverse proxy or limit to known - friendly IP ##s . [SEP]
LRP (+Pred, pos-only)
[CLS] Je ##lly ##fin is a free software media system that provides media from a dedicated server to end-user dev ice ##s via m ##ult ip le apps . Ver ions prior to 10 . 7 . 3 vulnerable to unauthenticated Server-Side Request Forgery ( SSRF ) attacks via the image ##U ##rl param et ##er . This issue potentially exposes bot h int er ##nal and external HTTP servers or other resources available via HTTP ` GET ` that are visible from the Je ##lly ##fin server . The vulnerability is patched in version 10 . 7 . 3 . As a workaround disable external access to the A PI endpoints ` / Item s / * / Remote Images / Download ` ` / Item s / Remote Search / Image ` and ` / Images / Remote ` via reverse proxy or limit to known - friendly IP ##s . [SEP]
LIME (words)
Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter. This issue potentially exposes both internal and external HTTP servers or other resources available via HTTP `GET` that are visible from the Jellyfin server. The vulnerability is patched in version 10.7.3. As a workaround disable external access to the API endpoints `/Items/*/RemoteImages/Download` `/Items/RemoteSearch/Image` and `/Images/Remote` via reverse proxy or limit to known-friendly IPs.
SHAP (words)
Jellyfin is a free software media system that provides media from a dedicated server to end- user devices via multiple apps. Verions prior to 10. 7. 3 vulnerable to unauthenticated Server- Side Request Forgery ( SSRF) attacks via the imageUrl parameter. This issue potentially exposes both internal and external HTTP servers or other resources available via HTTP ` GET` that are visible from the Jellyfin server. The vulnerability is patched in version 10. 7. 3. As a workaround disable external access to the API endpoints `/ Items/*/ RemoteImages/ Download` `/ Items/ RemoteSearch/ Image` and `/ Images/ Remote` via reverse proxy or limit to known- friendly IPs
lrp-distilbert · Pred=HIGH (2) · p=0.97 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Je ##lly ##fin is a free software media system that provides media from a dedicated server to end-user dev ice ##s via m ##ult ip le apps . Ver ions prior to 10 . 7 . 3 vulnerable to unauthenticated Server-Side Request Forgery ( SSRF ) attacks via the image ##U ##rl param et ##er . This issue potentially exposes bot h int er ##nal and external HTTP servers or other resources available via HTTP ` GET ` that are visible from the Je ##lly ##fin server . The vulnerability is patched in version 10 . 7 . 3 . As a workaround disable external access to the A PI endpoints ` / Item s / * / Remote Images / Download ` ` / Item s / Remote Search / Image ` and ` / Images / Remote ` via reverse proxy or limit to known - friendly IP ##s . [SEP]
LRP (+Pred, pos-only)
[CLS] Je ##lly ##fin is a free software media system that provides media from a dedicated server to end-user dev ice ##s via m ##ult ip le apps . Ver ions prior to 10 . 7 . 3 vulnerable to unauthenticated Server-Side Request Forgery ( SSRF ) attacks via the image ##U ##rl param et ##er . This issue potentially exposes bot h int er ##nal and external HTTP servers or other resources available via HTTP ` GET ` that are visible from the Je ##lly ##fin server . The vulnerability is patched in version 10 . 7 . 3 . As a workaround disable external access to the A PI endpoints ` / Item s / * / Remote Images / Download ` ` / Item s / Remote Search / Image ` and ` / Images / Remote ` via reverse proxy or limit to known - friendly IP ##s . [SEP]
LIME (words)
Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter. This issue potentially exposes both internal and external HTTP servers or other resources available via HTTP `GET` that are visible from the Jellyfin server. The vulnerability is patched in version 10.7.3. As a workaround disable external access to the API endpoints `/Items/*/RemoteImages/Download` `/Items/RemoteSearch/Image` and `/Images/Remote` via reverse proxy or limit to known-friendly IPs.
SHAP (words)
Jellyfin is a free software media system that provides media from a dedicated server to end- user devices via multiple apps. Verions prior to 10. 7. 3 vulnerable to unauthenticated Server- Side Request Forgery ( SSRF) attacks via the imageUrl parameter. This issue potentially exposes both internal and external HTTP servers or other resources available via HTTP ` GET` that are visible from the Jellyfin server. The vulnerability is patched in version 10. 7. 3. As a workaround disable external access to the API endpoints `/ Items/*/ RemoteImages/ Download` `/ Items/ RemoteSearch/ Image` and `/ Images/ Remote` via reverse proxy or limit to known- friendly IPs
#31 · cve_id CVE-2021-30151 · c
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Side ki q ▁through ▁5 . 1 . 3 ▁and ▁6 . x ▁through ▁6 . 2 . 0 ▁allows XSS ▁via ▁the queue ▁name ▁of ▁the ▁live - poll ▁feature ▁when ▁Internet ▁Explorer ▁is ▁used . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
SHAP (words)
Sidekiq through 5. 1. 3 and 6. x through 6. 2. 0 allows XSS via the queue name of the live- poll feature when Internet Explorer is used
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Side ##ki ##q through 5 . 1 . 3 and 6 . x through 6 . 2 . 0 allows XSS via the queue name of the live - poll feature when Internet Explorer is used . [SEP]
LRP (+Pred, pos-only)
[CLS] Side ##ki ##q through 5 . 1 . 3 and 6 . x through 6 . 2 . 0 allows XSS via the queue name of the live - poll feature when Internet Explorer is used . [SEP]
LIME (words)
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
SHAP (words)
Sidekiq through 5. 1. 3 and 6. x through 6. 2. 0 allows XSS via the queue name of the live- poll feature when Internet Explorer is used
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Side ##ki ##q through 5 . 1 . 3 and 6 . x through 6 . 2 . 0 allows XSS via the queue name of the live - poll feature when Internet Explorer is used . [SEP]
LRP (+Pred, pos-only)
[CLS] Side ##ki ##q through 5 . 1 . 3 and 6 . x through 6 . 2 . 0 allows XSS via the queue name of the live - poll feature when Internet Explorer is used . [SEP]
LIME (words)
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
SHAP (words)
Sidekiq through 5. 1. 3 and 6. x through 6. 2. 0 allows XSS via the queue name of the live- poll feature when Internet Explorer is used
#32 · cve_id CVE-2022-46801 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Improper Neutralization ▁of ▁Formula Element s ▁in ▁a CSV ▁File ▁vulnerability ▁in ▁Paul ▁Ry ley ▁Site ▁Review s . This ▁issue ▁affects ▁Site ▁Review s : ▁from n / a ▁through ▁6 . 2 . 0 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews.This issue affects Site Reviews: from n/a through 6.2.0.
SHAP (words)
Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews. This issue affects Site Reviews: from n/ a through 6. 2. 0
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Improper Neutralization of Formula Element s in a CSV File vulnerability in Paul R ##yle ##y S ite Reviews . This issue affects S ite Reviews : from n / a through 6 . 2 . 0 . [SEP]
LRP (+Pred, pos-only)
[CLS] Improper Neutralization of Formula Element s in a CSV File vulnerability in Paul R ##yle ##y S ite Reviews . This issue affects S ite Reviews : from n / a through 6 . 2 . 0 . [SEP]
LIME (words)
Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews.This issue affects Site Reviews: from n/a through 6.2.0.
SHAP (words)
Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews. This issue affects Site Reviews: from n/ a through 6. 2. 0
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Improper Neutralization of Formula Element s in a CSV File vulnerability in Paul R ##yle ##y S ite Reviews . This issue affects S ite Reviews : from n / a through 6 . 2 . 0 . [SEP]
LRP (+Pred, pos-only)
[CLS] Improper Neutralization of Formula Element s in a CSV File vulnerability in Paul R ##yle ##y S ite Reviews . This issue affects S ite Reviews : from n / a through 6 . 2 . 0 . [SEP]
LIME (words)
Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews.This issue affects Site Reviews: from n/a through 6.2.0.
SHAP (words)
Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews. This issue affects Site Reviews: from n/ a through 6. 2. 0
#33 · cve_id CVE-2023-6204 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.96 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁On ▁some ▁systems depend ing ▁on ▁the ▁graphics ▁settings ▁and ▁drivers it ▁was ▁po ssi ble ▁to ▁force ▁an out-of-bounds ▁read ▁and ▁leak ▁memory ▁data ▁into ▁the ▁images ▁created ▁on ▁the ▁canvas ▁element . ▁This ▁vulnerability ▁affects Firefox ▁< ▁120 Firefox ESR ▁< ▁115 . 5 . 0 ▁and Thunderbird ▁< ▁115 . 5 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120 Firefox ESR < 115.5.0 and Thunderbird < 115.5.
SHAP (words)
On some systems— depending on the graphics settings and drivers— it was possible to force an out- of- bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120 Firefox ESR < 115. 5. 0 and Thunderbird < 115. 5
lrp-bert · Pred=HIGH (2) · p=0.95 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] On some systems depending on the graphics settings and drivers it was p ##o ssi b ##le to force an out-of-bounds read and leak memory data int o the images created on the canvas element . This vulnerability affects Firefox < 120 Firefox ESR < 115 . 5 . 0 and Thunderbird < 115 . 5 . [SEP]
LRP (+Pred, pos-only)
[CLS] On some systems depending on the graphics settings and drivers it was p ##o ssi b ##le to force an out-of-bounds read and leak memory data int o the images created on the canvas element . This vulnerability affects Firefox < 120 Firefox ESR < 115 . 5 . 0 and Thunderbird < 115 . 5 . [SEP]
LIME (words)
On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120 Firefox ESR < 115.5.0 and Thunderbird < 115.5.
SHAP (words)
On some systems— depending on the graphics settings and drivers— it was possible to force an out- of- bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120 Firefox ESR < 115. 5. 0 and Thunderbird < 115. 5
lrp-distilbert · Pred=HIGH (2) · p=0.96 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] On some systems depending on the graphics settings and drivers it was p ##o ssi b ##le to force an out-of-bounds read and leak memory data int o the images created on the canvas element . This vulnerability affects Firefox < 120 Firefox ESR < 115 . 5 . 0 and Thunderbird < 115 . 5 . [SEP]
LRP (+Pred, pos-only)
[CLS] On some systems depending on the graphics settings and drivers it was p ##o ssi b ##le to force an out-of-bounds read and leak memory data int o the images created on the canvas element . This vulnerability affects Firefox < 120 Firefox ESR < 115 . 5 . 0 and Thunderbird < 115 . 5 . [SEP]
LIME (words)
On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120 Firefox ESR < 115.5.0 and Thunderbird < 115.5.
SHAP (words)
On some systems— depending on the graphics settings and drivers— it was possible to force an out- of- bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120 Firefox ESR < 115. 5. 0 and Thunderbird < 115. 5
#34 · cve_id CVE-2022-32047 · c
GT=NONE (0)
xlnet · Pred=HIGH (2) · p=0.98 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
TOTOLINK ▁T 6 ▁V 4 . 1 . 9 cu . 5 179 _ B 20 2010 15 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁stack overflow ▁via ▁the desc param eter ▁in ▁the ▁function ▁F UN _ 00 4 12 ef 4 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4.
SHAP (words)
TOTOLINK T6 V4. 1. 9cu. 5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4
lrp-bert · Pred=NONE (0) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] TOTOLINK T ##6 V ##4 . 1 . 9 ##cu . 51 ##7 ##9 _ B ##20 ##20 ##10 ##15 was di sc over ##ed to contain a stack overflow via the desc param et ##er in the function F ##UN _ 00 ##41 ##2 ##ef ##4 . [SEP]
LRP (+Pred, pos-only)
[CLS] TOTOLINK T ##6 V ##4 . 1 . 9 ##cu . 51 ##7 ##9 _ B ##20 ##20 ##10 ##15 was di sc over ##ed to contain a stack overflow via the desc param et ##er in the function F ##UN _ 00 ##41 ##2 ##ef ##4 . [SEP]
LIME (words)
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4.
SHAP (words)
TOTOLINK T6 V4. 1. 9cu. 5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4
lrp-distilbert · Pred=HIGH (2) · p=0.98 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] TOTOLINK T ##6 V ##4 . 1 . 9 ##cu . 51 ##7 ##9 _ B ##20 ##20 ##10 ##15 was di sc over ##ed to contain a stack overflow via the desc param et ##er in the function F ##UN _ 00 ##41 ##2 ##ef ##4 . [SEP]
LRP (+Pred, pos-only)
[CLS] TOTOLINK T ##6 V ##4 . 1 . 9 ##cu . 51 ##7 ##9 _ B ##20 ##20 ##10 ##15 was di sc over ##ed to contain a stack overflow via the desc param et ##er in the function F ##UN _ 00 ##41 ##2 ##ef ##4 . [SEP]
LIME (words)
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4.
SHAP (words)
TOTOLINK T6 V4. 1. 9cu. 5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4
#35 · cve_id CVE-2021-34802 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁failure ▁in resetting ▁the ▁security ▁context ▁in ▁some ▁transaction ▁actions ▁in ▁Neo 4 j Graph ▁Database ▁4 . 2 ▁and ▁4 . 3 ▁could ▁allow authenticated ▁users ▁to ▁execute ▁commands ▁with elevate d ▁privileges . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges.
SHAP (words)
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4. 2 and 4. 3 could allow authenticated users to execute commands with elevated privileges
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A failure in resetting the se ##c uri t ##y context in some transaction actions in Neo ##4 ##j Graph Da tab as ##e 4 . 2 and 4 . 3 could allow authenticated users to exec u ##te commands with elevate d privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] A failure in resetting the se ##c uri t ##y context in some transaction actions in Neo ##4 ##j Graph Da tab as ##e 4 . 2 and 4 . 3 could allow authenticated users to exec u ##te commands with elevate d privileges . [SEP]
LIME (words)
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges.
SHAP (words)
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4. 2 and 4. 3 could allow authenticated users to execute commands with elevated privileges
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A failure in resetting the se ##c uri t ##y context in some transaction actions in Neo ##4 ##j Graph Da tab as ##e 4 . 2 and 4 . 3 could allow authenticated users to exec u ##te commands with elevate d privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] A failure in resetting the se ##c uri t ##y context in some transaction actions in Neo ##4 ##j Graph Da tab as ##e 4 . 2 and 4 . 3 could allow authenticated users to exec u ##te commands with elevate d privileges . [SEP]
LIME (words)
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges.
SHAP (words)
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4. 2 and 4. 3 could allow authenticated users to execute commands with elevated privileges
#36 · cve_id CVE-2021-27451 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Mesa ▁Lab s ▁A mega View Versions ▁3 . 0 ▁and ▁prior s passcode ▁is ▁generated ▁by ▁an ▁easily ▁reversible ▁algorithm ▁which ▁may ▁allow ▁an ▁attacker ▁to ▁gain ▁access ▁to ▁the ▁device . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm which may allow an attacker to gain access to the device.
SHAP (words)
Mesa Labs AmegaView Versions 3. 0 and prior’ s passcode is generated by an easily reversible algorithm which may allow an attacker to gain access to the device
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Mesa Labs Am ##eg ##a ##V ##ie ##w Versions 3 . 0 and prior s passcode is generated by an easily re ##versible algorithm which may allow an attacker to gain access to the dev ice . [SEP]
LRP (+Pred, pos-only)
[CLS] Mesa Labs Am ##eg ##a ##V ##ie ##w Versions 3 . 0 and prior s passcode is generated by an easily re ##versible algorithm which may allow an attacker to gain access to the dev ice . [SEP]
LIME (words)
Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm which may allow an attacker to gain access to the device.
SHAP (words)
Mesa Labs AmegaView Versions 3. 0 and prior’ s passcode is generated by an easily reversible algorithm which may allow an attacker to gain access to the device
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Mesa Labs Am ##eg ##a ##V ##ie ##w Versions 3 . 0 and prior s passcode is generated by an easily re ##versible algorithm which may allow an attacker to gain access to the dev ice . [SEP]
LRP (+Pred, pos-only)
[CLS] Mesa Labs Am ##eg ##a ##V ##ie ##w Versions 3 . 0 and prior s passcode is generated by an easily re ##versible algorithm which may allow an attacker to gain access to the dev ice . [SEP]
LIME (words)
Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm which may allow an attacker to gain access to the device.
SHAP (words)
Mesa Labs AmegaView Versions 3. 0 and prior’ s passcode is generated by an easily reversible algorithm which may allow an attacker to gain access to the device
#37 · cve_id CVE-2018-17450 · c
GT=LOW (1)
xlnet · Pred=HIGH (2) · p=0.94 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁issue ▁was ▁di sc ▁over ed ▁in GitLab ▁Community ▁and ▁Enterprise ▁Edition ▁before ▁11 . 1 . 7 ▁11 . 2 . x ▁before ▁11 . 2 . 4 ▁and ▁11 . 3 . x ▁before ▁11 . 3 . 1 . ▁There ▁is Server-Side Request Forgery ( SSRF ) ▁via ▁the Kubernetes ▁integration ▁leading ( for ▁example ) ▁to ▁di sc los ure ▁of ▁a GCP ▁service ▁token . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7 11.2.x before 11.2.4 and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration leading (for example) to disclosure of a GCP service token.
SHAP (words)
An issue was discovered in GitLab Community and Enterprise Edition before 11. 1. 7 11. 2. x before 11. 2. 4 and 11. 3. x before 11. 3. 1. There is Server- Side Request Forgery ( SSRF) via the Kubernetes integration leading ( for example) to disclosure of a GCP service token
lrp-bert · Pred=HIGH (2) · p=0.94 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed in GitLab Community and Enterprise Edition before 11 . 1 . 7 11 . 2 . x before 11 . 2 . 4 and 11 . 3 . x before 11 . 3 . 1 . There is Server-Side Request Forgery ( SSRF ) via the Kubernetes int e ##gration leading ( for example ) to di sc los ##ure of a GCP service token . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in GitLab Community and Enterprise Edition before 11 . 1 . 7 11 . 2 . x before 11 . 2 . 4 and 11 . 3 . x before 11 . 3 . 1 . There is Server-Side Request Forgery ( SSRF ) via the Kubernetes int e ##gration leading ( for example ) to di sc los ##ure of a GCP service token . [SEP]
LIME (words)
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7 11.2.x before 11.2.4 and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration leading (for example) to disclosure of a GCP service token.
SHAP (words)
An issue was discovered in GitLab Community and Enterprise Edition before 11. 1. 7 11. 2. x before 11. 2. 4 and 11. 3. x before 11. 3. 1. There is Server- Side Request Forgery ( SSRF) via the Kubernetes integration leading ( for example) to disclosure of a GCP service token
lrp-distilbert · Pred=HIGH (2) · p=0.98 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed in GitLab Community and Enterprise Edition before 11 . 1 . 7 11 . 2 . x before 11 . 2 . 4 and 11 . 3 . x before 11 . 3 . 1 . There is Server-Side Request Forgery ( SSRF ) via the Kubernetes int e ##gration leading ( for example ) to di sc los ##ure of a GCP service token . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in GitLab Community and Enterprise Edition before 11 . 1 . 7 11 . 2 . x before 11 . 2 . 4 and 11 . 3 . x before 11 . 3 . 1 . There is Server-Side Request Forgery ( SSRF ) via the Kubernetes int e ##gration leading ( for example ) to di sc los ##ure of a GCP service token . [SEP]
LIME (words)
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7 11.2.x before 11.2.4 and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration leading (for example) to disclosure of a GCP service token.
SHAP (words)
An issue was discovered in GitLab Community and Enterprise Edition before 11. 1. 7 11. 2. x before 11. 2. 4 and 11. 3. x before 11. 3. 1. There is Server- Side Request Forgery ( SSRF) via the Kubernetes integration leading ( for example) to disclosure of a GCP service token
#38 · cve_id CVE-2020-0259 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In android ▁_ ver ity _ ct r ▁of d m - android - ver ity . c ▁there ▁is ▁a ▁po ssi ble ▁way ▁to ▁modify ▁a d m - ver ity ▁protected filesystem ▁due ▁to improperly ▁used crypto . ▁This ▁could ▁lead ▁to ▁local escalation ▁of ▁privilege ▁with ▁no ▁additional ▁execution ▁privileges ▁needed . User ▁interaction ▁is ▁not ▁needed ▁for ▁exploitation . Pro duct : ▁Android Versions : ▁Android kernelAndroid ▁ID : ▁A - 15 79 4 13 53 References : ▁N / A <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In android_verity_ctr of dm-android-verity.c there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157941353References: N/A
SHAP (words)
In android_verity_ctr of dm- android- verity. c there is a possible way to modify a dm- verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android kernelAndroid ID: A- 157941353References: N/ A
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In android _ ve ##rity _ c ##tr of d ##m - android - ve ##rity . c there is a p ##o ssi b ##le way to mod if ##y a d ##m - ve ##rity protected filesystem due to improperly used crypto . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android kernelAndroid ID : A - 157 ##9 ##41 ##35 ##3 References : N / A [SEP]
LRP (+Pred, pos-only)
[CLS] In android _ ve ##rity _ c ##tr of d ##m - android - ve ##rity . c there is a p ##o ssi b ##le way to mod if ##y a d ##m - ve ##rity protected filesystem due to improperly used crypto . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android kernelAndroid ID : A - 157 ##9 ##41 ##35 ##3 References : N / A [SEP]
LIME (words)
In android_verity_ctr of dm-android-verity.c there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157941353References: N/A
SHAP (words)
In android_verity_ctr of dm- android- verity. c there is a possible way to modify a dm- verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android kernelAndroid ID: A- 157941353References: N/ A
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In android _ ve ##rity _ c ##tr of d ##m - android - ve ##rity . c there is a p ##o ssi b ##le way to mod if ##y a d ##m - ve ##rity protected filesystem due to improperly used crypto . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android kernelAndroid ID : A - 157 ##9 ##41 ##35 ##3 References : N / A [SEP]
LRP (+Pred, pos-only)
[CLS] In android _ ve ##rity _ c ##tr of d ##m - android - ve ##rity . c there is a p ##o ssi b ##le way to mod if ##y a d ##m - ve ##rity protected filesystem due to improperly used crypto . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android kernelAndroid ID : A - 157 ##9 ##41 ##35 ##3 References : N / A [SEP]
LIME (words)
In android_verity_ctr of dm-android-verity.c there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157941353References: N/A
SHAP (words)
In android_verity_ctr of dm- android- verity. c there is a possible way to modify a dm- verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android kernelAndroid ID: A- 157941353References: N/ A
#39 · cve_id CVE-2024-26147 · c
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Helm ▁is ▁a ▁package ▁manager ▁for ▁Chart s ▁for Kubernetes . Versions ▁prior ▁to ▁3 . 14 . 2 ▁contain ▁an uninitialized ▁variable ▁vulnerability ▁when Helm parses ▁index ▁and plugin yam l ▁files ▁mi ssi ng ▁expected ▁content . ▁When ▁either ▁an ▁` index . yam l ` ▁file ▁or ▁a plugins ▁` plugin . yam l ` ▁file ▁were ▁mi ssi ng ▁all metadata ▁a ▁panic ▁would ▁occur ▁in Helm . ▁In ▁the Helm SDK ▁this ▁is ▁found ▁when ▁using ▁the ▁` Load ▁Index File ` ▁or ▁` Download ▁Index File ` ▁functions ▁in ▁the ▁` re po ` ▁package ▁or ▁the ▁` Load ▁Di r ` ▁function ▁in ▁the ▁` plugin ▁` ▁package . ▁For ▁the Helm ▁client ▁this ▁impacts ▁functions ▁around ▁adding ▁a repository ▁and ▁all Helm ▁functions ▁if ▁a malicious plugin ▁is ▁added ▁as Helm ▁in spec t s ▁all ▁known plugins ▁on ▁each invocation . ▁This ▁issue ▁has ▁been ▁resolved ▁in Helm ▁v 3 . 14 . 2 . ▁If ▁a malicious plugin ▁has ▁been ▁added ▁which ▁is ▁causing ▁all Helm ▁client ▁commands ▁to ▁panic ▁the malicious plugin ▁can ▁be ▁manually ▁removed ▁from ▁the filesystem . ▁If ▁using Helm SDK ▁versions ▁prior ▁to ▁3 . 14 . 2 ▁calls ▁to ▁affected ▁functions ▁can ▁use ▁` re cover ` ▁to ▁catch ▁the ▁panic . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2 calls to affected functions can use `recover` to catch the panic.
SHAP (words)
Helm is a package manager for Charts for Kubernetes. Versions prior to 3. 14. 2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an ` index. yaml` file or a plugins ` plugin. yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK this is found when using the ` LoadIndexFile` or ` DownloadIndexFile` functions in the ` repo` package or the ` LoadDir` function in the ` plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3. 14. 2. If a malicious plugin has been added which is causing all Helm client commands to panic the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3. 14. 2 calls to affected functions can use ` recover` to catch the panic
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Helm is a package manager for Charts for Kubernetes . Versions prior to 3 . 14 . 2 contain an uninitialized variable vulnerability when Helm parses index and plugin ya ##m ##l files mi ssi ng expected content . When either an ` index . ya ##m ##l ` file or a plugins ` plugin . ya ##m ##l ` file were mi ssi ng all metadata a panic would occur in Helm . In the Helm SDK this is found when using the ` Load Index ##F ##ile ` or ` Download Index ##F ##ile ` functions in the ` re ##po ` package or the ` Load Di ##r ` function in the ` plugin ` package . For the Helm cli en ##t this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm in spec t ##s all known plugins on each invocation . This issue has been resolved in Helm v ##3 . 14 . 2 . If a malicious plugin has been added which is causing all Helm cli en ##t commands to panic the malicious plugin can be manually removed from the filesystem . If using Helm SDK versions prior to 3 . 14 . 2 calls to affected functions can use ` recover ` to catch the panic . [SEP]
LRP (+Pred, pos-only)
[CLS] Helm is a package manager for Charts for Kubernetes . Versions prior to 3 . 14 . 2 contain an uninitialized variable vulnerability when Helm parses index and plugin ya ##m ##l files mi ssi ng expected content . When either an ` index . ya ##m ##l ` file or a plugins ` plugin . ya ##m ##l ` file were mi ssi ng all metadata a panic would occur in Helm . In the Helm SDK this is found when using the ` Load Index ##F ##ile ` or ` Download Index ##F ##ile ` functions in the ` re ##po ` package or the ` Load Di ##r ` function in the ` plugin ` package . For the Helm cli en ##t this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm in spec t ##s all known plugins on each invocation . This issue has been resolved in Helm v ##3 . 14 . 2 . If a malicious plugin has been added which is causing all Helm cli en ##t commands to panic the malicious plugin can be manually removed from the filesystem . If using Helm SDK versions prior to 3 . 14 . 2 calls to affected functions can use ` recover ` to catch the panic . [SEP]
LIME (words)
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2 calls to affected functions can use `recover` to catch the panic.
SHAP (words)
Helm is a package manager for Charts for Kubernetes. Versions prior to 3. 14. 2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an ` index. yaml` file or a plugins ` plugin. yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK this is found when using the ` LoadIndexFile` or ` DownloadIndexFile` functions in the ` repo` package or the ` LoadDir` function in the ` plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3. 14. 2. If a malicious plugin has been added which is causing all Helm client commands to panic the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3. 14. 2 calls to affected functions can use ` recover` to catch the panic
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Helm is a package manager for Charts for Kubernetes . Versions prior to 3 . 14 . 2 contain an uninitialized variable vulnerability when Helm parses index and plugin ya ##m ##l files mi ssi ng expected content . When either an ` index . ya ##m ##l ` file or a plugins ` plugin . ya ##m ##l ` file were mi ssi ng all metadata a panic would occur in Helm . In the Helm SDK this is found when using the ` Load Index ##F ##ile ` or ` Download Index ##F ##ile ` functions in the ` re ##po ` package or the ` Load Di ##r ` function in the ` plugin ` package . For the Helm cli en ##t this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm in spec t ##s all known plugins on each invocation . This issue has been resolved in Helm v ##3 . 14 . 2 . If a malicious plugin has been added which is causing all Helm cli en ##t commands to panic the malicious plugin can be manually removed from the filesystem . If using Helm SDK versions prior to 3 . 14 . 2 calls to affected functions can use ` recover ` to catch the panic . [SEP]
LRP (+Pred, pos-only)
[CLS] Helm is a package manager for Charts for Kubernetes . Versions prior to 3 . 14 . 2 contain an uninitialized variable vulnerability when Helm parses index and plugin ya ##m ##l files mi ssi ng expected content . When either an ` index . ya ##m ##l ` file or a plugins ` plugin . ya ##m ##l ` file were mi ssi ng all metadata a panic would occur in Helm . In the Helm SDK this is found when using the ` Load Index ##F ##ile ` or ` Download Index ##F ##ile ` functions in the ` re ##po ` package or the ` Load Di ##r ` function in the ` plugin ` package . For the Helm cli en ##t this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm in spec t ##s all known plugins on each invocation . This issue has been resolved in Helm v ##3 . 14 . 2 . If a malicious plugin has been added which is causing all Helm cli en ##t commands to panic the malicious plugin can be manually removed from the filesystem . If using Helm SDK versions prior to 3 . 14 . 2 calls to affected functions can use ` recover ` to catch the panic . [SEP]
LIME (words)
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2 calls to affected functions can use `recover` to catch the panic.
SHAP (words)
Helm is a package manager for Charts for Kubernetes. Versions prior to 3. 14. 2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an ` index. yaml` file or a plugins ` plugin. yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK this is found when using the ` LoadIndexFile` or ` DownloadIndexFile` functions in the ` repo` package or the ` LoadDir` function in the ` plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3. 14. 2. If a malicious plugin has been added which is causing all Helm client commands to panic the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3. 14. 2 calls to affected functions can use ` recover` to catch the panic
#40 · cve_id CVE-2011-1755 · c
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁jab ber d 2 ▁before ▁2 . 2 . 14 ▁does ▁not ▁properly ▁detect recursion ▁during ▁entity ▁expansion ▁which ▁allows ▁remote ▁attackers ▁to ▁cause ▁a ▁denial ▁of ▁service ( me m ory ▁and ▁CPU ▁consumption ) ▁via ▁a ▁crafted ▁XML ▁document ▁containing ▁a ▁large ▁number ▁of nested ▁entity ▁references ▁a ▁similar ▁issue ▁to CVE - 2003 - 15 64 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references a similar issue to CVE-2003-1564.
SHAP (words)
jabberd2 before 2. 2. 14 does not properly detect recursion during entity expansion which allows remote attackers to cause a denial of service ( memory and CPU consumption) via a crafted XML document containing a large number of nested entity references a similar issue to CVE- 2003- 1564
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] j ##ab ##ber ##d ##2 before 2 . 2 . 14 does not properly detect recursion d uri ng entity expansion which allows remote attackers to cause a denial of service ( memory and CPU consumption ) via a crafted XML document containing a large number of nested entity references a similar issue to CVE - 2003 - 156 ##4 . [SEP]
LRP (+Pred, pos-only)
[CLS] j ##ab ##ber ##d ##2 before 2 . 2 . 14 does not properly detect recursion d uri ng entity expansion which allows remote attackers to cause a denial of service ( memory and CPU consumption ) via a crafted XML document containing a large number of nested entity references a similar issue to CVE - 2003 - 156 ##4 . [SEP]
LIME (words)
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references a similar issue to CVE-2003-1564.
SHAP (words)
jabberd2 before 2. 2. 14 does not properly detect recursion during entity expansion which allows remote attackers to cause a denial of service ( memory and CPU consumption) via a crafted XML document containing a large number of nested entity references a similar issue to CVE- 2003- 1564
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] j ##ab ##ber ##d ##2 before 2 . 2 . 14 does not properly detect recursion d uri ng entity expansion which allows remote attackers to cause a denial of service ( memory and CPU consumption ) via a crafted XML document containing a large number of nested entity references a similar issue to CVE - 2003 - 156 ##4 . [SEP]
LRP (+Pred, pos-only)
[CLS] j ##ab ##ber ##d ##2 before 2 . 2 . 14 does not properly detect recursion d uri ng entity expansion which allows remote attackers to cause a denial of service ( memory and CPU consumption ) via a crafted XML document containing a large number of nested entity references a similar issue to CVE - 2003 - 156 ##4 . [SEP]
LIME (words)
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references a similar issue to CVE-2003-1564.
SHAP (words)
jabberd2 before 2. 2. 14 does not properly detect recursion during entity expansion which allows remote attackers to cause a denial of service ( memory and CPU consumption) via a crafted XML document containing a large number of nested entity references a similar issue to CVE- 2003- 1564
#41 · cve_id CVE-2023-32344 · c
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁IBM Cognos Analytics ▁11 . 1 . 7 ▁11 . 2 . 4 ▁and ▁12 . 0 . 0 ▁is ▁vulnerable ▁to ▁form ▁action hijacking ▁where ▁it ▁is ▁po ssi ble ▁to ▁modify ▁the ▁form ▁action ▁to ▁reference ▁an ▁arbitrary ▁path . ▁IBM X-Force ▁ID : ▁25 58 98 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
IBM Cognos Analytics 11.1.7 11.2.4 and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898.
SHAP (words)
IBM Cognos Analytics 11. 1. 7 11. 2. 4 and 12. 0. 0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X- Force ID: 255898
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] I BM Cognos Analytics 11 . 1 . 7 11 . 2 . 4 and 12 . 0 . 0 is vulnerable to form action hijacking where it is p ##o ssi b ##le to mod if ##y the form action to reference an arbitrary path . I BM X-Force ID : 255 ##8 ##9 ##8 . [SEP]
LRP (+Pred, pos-only)
[CLS] I BM Cognos Analytics 11 . 1 . 7 11 . 2 . 4 and 12 . 0 . 0 is vulnerable to form action hijacking where it is p ##o ssi b ##le to mod if ##y the form action to reference an arbitrary path . I BM X-Force ID : 255 ##8 ##9 ##8 . [SEP]
LIME (words)
IBM Cognos Analytics 11.1.7 11.2.4 and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898.
SHAP (words)
IBM Cognos Analytics 11. 1. 7 11. 2. 4 and 12. 0. 0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X- Force ID: 255898
lrp-distilbert · Pred=NONE (0) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] I BM Cognos Analytics 11 . 1 . 7 11 . 2 . 4 and 12 . 0 . 0 is vulnerable to form action hijacking where it is p ##o ssi b ##le to mod if ##y the form action to reference an arbitrary path . I BM X-Force ID : 255 ##8 ##9 ##8 . [SEP]
LRP (+Pred, pos-only)
[CLS] I BM Cognos Analytics 11 . 1 . 7 11 . 2 . 4 and 12 . 0 . 0 is vulnerable to form action hijacking where it is p ##o ssi b ##le to mod if ##y the form action to reference an arbitrary path . I BM X-Force ID : 255 ##8 ##9 ##8 . [SEP]
LIME (words)
IBM Cognos Analytics 11.1.7 11.2.4 and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898.
SHAP (words)
IBM Cognos Analytics 11. 1. 7 11. 2. 4 and 12. 0. 0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X- Force ID: 255898
#42 · cve_id CVE-2019-14246 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In CentOS - Web Pan el . com ( aka ▁C WP ) CentOS ▁Web ▁Panel ▁0 . 9 . 8 . 85 1 ▁an insecure ▁object ▁reference ▁allows ▁an ▁attacker ▁to ▁di sc ▁over phpMyAdmin passwords ( of ▁any ▁user ▁in / et c / pass w d ) ▁via ▁an ▁attacker ▁account . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851 an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.
SHAP (words)
In CentOS- WebPanel. com ( aka CWP) CentOS Web Panel 0. 9. 8. 851 an insecure object reference allows an attacker to discover phpMyAdmin passwords ( of any user in / etc/ passwd) via an attacker account
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In CentOS - Web ##P ##ane ##l . com ( aka C WP ) CentOS Web Panel 0 . 9 . 8 . 85 ##1 an insecure object reference allows an attacker to di sc over phpMyAdmin passwords ( of any user in / etc / pass ##w ##d ) via an attacker account . [SEP]
LRP (+Pred, pos-only)
[CLS] In CentOS - Web ##P ##ane ##l . com ( aka C WP ) CentOS Web Panel 0 . 9 . 8 . 85 ##1 an insecure object reference allows an attacker to di sc over phpMyAdmin passwords ( of any user in / etc / pass ##w ##d ) via an attacker account . [SEP]
LIME (words)
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851 an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.
SHAP (words)
In CentOS- WebPanel. com ( aka CWP) CentOS Web Panel 0. 9. 8. 851 an insecure object reference allows an attacker to discover phpMyAdmin passwords ( of any user in / etc/ passwd) via an attacker account
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In CentOS - Web ##P ##ane ##l . com ( aka C WP ) CentOS Web Panel 0 . 9 . 8 . 85 ##1 an insecure object reference allows an attacker to di sc over phpMyAdmin passwords ( of any user in / etc / pass ##w ##d ) via an attacker account . [SEP]
LRP (+Pred, pos-only)
[CLS] In CentOS - Web ##P ##ane ##l . com ( aka C WP ) CentOS Web Panel 0 . 9 . 8 . 85 ##1 an insecure object reference allows an attacker to di sc over phpMyAdmin passwords ( of any user in / etc / pass ##w ##d ) via an attacker account . [SEP]
LIME (words)
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851 an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.
SHAP (words)
In CentOS- WebPanel. com ( aka CWP) CentOS Web Panel 0. 9. 8. 851 an insecure object reference allows an attacker to discover phpMyAdmin passwords ( of any user in / etc/ passwd) via an attacker account
#43 · cve_id CVE-2011-0220 · c
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Apple ▁Bon jo ur ▁before ▁2011 ▁allows ▁a ▁crash ▁via ▁a ▁crafted multicast DNS ▁packet . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.
SHAP (words)
Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] App le Bon ##jou ##r before 2011 allows a crash via a crafted multicast DNS packet . [SEP]
LRP (+Pred, pos-only)
[CLS] App le Bon ##jou ##r before 2011 allows a crash via a crafted multicast DNS packet . [SEP]
LIME (words)
Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.
SHAP (words)
Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] App le Bon ##jou ##r before 2011 allows a crash via a crafted multicast DNS packet . [SEP]
LRP (+Pred, pos-only)
[CLS] App le Bon ##jou ##r before 2011 allows a crash via a crafted multicast DNS packet . [SEP]
LIME (words)
Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.
SHAP (words)
Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet
#44 · cve_id CVE-2023-30859 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Tri ton ▁is ▁a ▁Mine craft plugin ▁for ▁Spi got ▁and ▁Bun gee Cor d ▁that ▁helps ▁you tran sl ate ▁your ▁Mine craft ▁server . ▁The ▁Custom Payload ▁packet ▁allows ▁you ▁to ▁execute ▁commands ▁on ▁the s pi got / bu k kit ▁console . ▁When ▁you ▁enable bung ee ▁mode ▁in ▁the config ▁it ▁will ▁enable ▁the bung ee ▁bridge ▁and ▁the ▁server ▁will ▁begin ▁to ▁broadcast ▁the ' tri ton : main ' plugin ▁channel . ▁Using ▁this plugin ▁channel ▁you ▁are ▁able ▁to ▁send ▁a ▁payload ▁packet ▁containing ▁a byte ( 2 ) ▁and ▁a ▁string ( any s pi got ▁command ) . ▁This ▁could ▁be ▁used ▁to ▁make ▁yourself ▁a ▁server ▁operator ▁and ▁be ▁used ▁to ▁extract ▁other ▁user ▁in for matio n ▁through phishing ( pre t ending ▁to ▁be ▁an admin ) ▁many ▁servers ▁use ▁essential s ▁so ▁the / ge o ip ▁command ▁could ▁be ▁available ▁to ▁them ▁etc . ▁This ▁could ▁also ▁be ▁modified ▁to ▁allow ▁you ▁to ▁set ▁the ▁servers ▁language ▁set ▁another ▁players ▁language ▁etc . ▁This ▁issue ▁affects ▁those ▁who ▁have bung ee ▁enabled ▁in config . ▁This ▁issue ▁has ▁been ▁fixed ▁in ▁version ▁3 . 8 . 4 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the 'triton:main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin) many servers use essentials so the /geoip command could be available to them etc. This could also be modified to allow you to set the servers language set another players language etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4.
SHAP (words)
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/ bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the ' triton: main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte ( 2) and a string ( any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing ( pretending to be an admin) many servers use essentials so the / geoip command could be available to them etc. This could also be modified to allow you to set the servers language set another players language etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3. 8. 4
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Tri ##ton is a Mine ##craft plugin for S ##pi ##got and B ##ung ##ee ##C ##ord that helps you t ##ran sl ate your Mine ##craft server . The Custom Payload packet allows you to exec u ##te commands on the s ##pi ##got / b ##uk ##ki ##t console . When you enable b ##ung ##ee mod e in the config it will enable the b ##ung ##ee bridge and the server will begin to broadcast the ' t ##rito ##n : main ' plugin channel . Using this plugin channel you are able to send a payload packet containing a byte ( 2 ) and a string ( any s ##pi ##got command ) . This could be used to make yours elf a server operator and be used to extract other user info ##r matio n through phishing ( pretending to be an admin ) many servers use essential ##s so the / g ##eo ip command could be available to them etc . This could also be mod if ##ied to allow you to set the servers lang u ##age set another players lang u ##age etc . This issue affects those who have b ##ung ##ee enabled in config . This issue has been fixed in version 3 . 8 . 4 . [SEP]
LRP (+Pred, pos-only)
[CLS] Tri ##ton is a Mine ##craft plugin for S ##pi ##got and B ##ung ##ee ##C ##ord that helps you t ##ran sl ate your Mine ##craft server . The Custom Payload packet allows you to exec u ##te commands on the s ##pi ##got / b ##uk ##ki ##t console . When you enable b ##ung ##ee mod e in the config it will enable the b ##ung ##ee bridge and the server will begin to broadcast the ' t ##rito ##n : main ' plugin channel . Using this plugin channel you are able to send a payload packet containing a byte ( 2 ) and a string ( any s ##pi ##got command ) . This could be used to make yours elf a server operator and be used to extract other user info ##r matio n through phishing ( pretending to be an admin ) many servers use essential ##s so the / g ##eo ip command could be available to them etc . This could also be mod if ##ied to allow you to set the servers lang u ##age set another players lang u ##age etc . This issue affects those who have b ##ung ##ee enabled in config . This issue has been fixed in version 3 . 8 . 4 . [SEP]
LIME (words)
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the 'triton:main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin) many servers use essentials so the /geoip command could be available to them etc. This could also be modified to allow you to set the servers language set another players language etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4.
SHAP (words)
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/ bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the ' triton: main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte ( 2) and a string ( any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing ( pretending to be an admin) many servers use essentials so the / geoip command could be available to them etc. This could also be modified to allow you to set the servers language set another players language etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3. 8. 4
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Tri ##ton is a Mine ##craft plugin for S ##pi ##got and B ##ung ##ee ##C ##ord that helps you t ##ran sl ate your Mine ##craft server . The Custom Payload packet allows you to exec u ##te commands on the s ##pi ##got / b ##uk ##ki ##t console . When you enable b ##ung ##ee mod e in the config it will enable the b ##ung ##ee bridge and the server will begin to broadcast the ' t ##rito ##n : main ' plugin channel . Using this plugin channel you are able to send a payload packet containing a byte ( 2 ) and a string ( any s ##pi ##got command ) . This could be used to make yours elf a server operator and be used to extract other user info ##r matio n through phishing ( pretending to be an admin ) many servers use essential ##s so the / g ##eo ip command could be available to them etc . This could also be mod if ##ied to allow you to set the servers lang u ##age set another players lang u ##age etc . This issue affects those who have b ##ung ##ee enabled in config . This issue has been fixed in version 3 . 8 . 4 . [SEP]
LRP (+Pred, pos-only)
[CLS] Tri ##ton is a Mine ##craft plugin for S ##pi ##got and B ##ung ##ee ##C ##ord that helps you t ##ran sl ate your Mine ##craft server . The Custom Payload packet allows you to exec u ##te commands on the s ##pi ##got / b ##uk ##ki ##t console . When you enable b ##ung ##ee mod e in the config it will enable the b ##ung ##ee bridge and the server will begin to broadcast the ' t ##rito ##n : main ' plugin channel . Using this plugin channel you are able to send a payload packet containing a byte ( 2 ) and a string ( any s ##pi ##got command ) . This could be used to make yours elf a server operator and be used to extract other user info ##r matio n through phishing ( pretending to be an admin ) many servers use essential ##s so the / g ##eo ip command could be available to them etc . This could also be mod if ##ied to allow you to set the servers lang u ##age set another players lang u ##age etc . This issue affects those who have b ##ung ##ee enabled in config . This issue has been fixed in version 3 . 8 . 4 . [SEP]
LIME (words)
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the 'triton:main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin) many servers use essentials so the /geoip command could be available to them etc. This could also be modified to allow you to set the servers language set another players language etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4.
SHAP (words)
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/ bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the ' triton: main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte ( 2) and a string ( any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing ( pretending to be an admin) many servers use essentials so the / geoip command could be available to them etc. This could also be modified to allow you to set the servers language set another players language etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3. 8. 4
#45 · cve_id CVE-2019-14868 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In k sh ▁version ▁2012 08 01 ▁a flaw ▁was ▁found ▁in ▁the ▁way ▁it evaluates ▁certain ▁environment ▁variables . ▁An ▁attacker ▁could ▁use ▁this flaw ▁to override ▁or ▁bypass ▁environment ▁restrictions ▁to ▁execute ▁shell ▁commands . ▁Services ▁and ▁applications ▁that ▁allow ▁remote unauthenticated ▁attackers ▁to ▁provide ▁one ▁of ▁those ▁environment ▁variables ▁could ▁allow ▁them ▁to ▁exploit ▁this ▁issue ▁remotely . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In ksh version 20120801 a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
SHAP (words)
In ksh version 20120801 a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In k ##sh version 2012 ##0 ##80 ##1 a flaw was found in the way it evaluates certain environment variables . An attacker could use this flaw to override or bypass environment restrictions to exec u ##te shell commands . Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely . [SEP]
LRP (+Pred, pos-only)
[CLS] In k ##sh version 2012 ##0 ##80 ##1 a flaw was found in the way it evaluates certain environment variables . An attacker could use this flaw to override or bypass environment restrictions to exec u ##te shell commands . Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely . [SEP]
LIME (words)
In ksh version 20120801 a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
SHAP (words)
In ksh version 20120801 a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In k ##sh version 2012 ##0 ##80 ##1 a flaw was found in the way it evaluates certain environment variables . An attacker could use this flaw to override or bypass environment restrictions to exec u ##te shell commands . Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely . [SEP]
LRP (+Pred, pos-only)
[CLS] In k ##sh version 2012 ##0 ##80 ##1 a flaw was found in the way it evaluates certain environment variables . An attacker could use this flaw to override or bypass environment restrictions to exec u ##te shell commands . Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely . [SEP]
LIME (words)
In ksh version 20120801 a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
SHAP (words)
In ksh version 20120801 a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely
#46 · cve_id CVE-2023-0127 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁command inject ion ▁vulnerability ▁in ▁the firmware ▁_ up date ▁command ▁in ▁the ▁device ' s ▁restricted telnet ▁interface ▁allows ▁an authenticated ▁attacker ▁to ▁execute ▁arbitrary ▁commands ▁as ▁root . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A command injection vulnerability in the firmware_update command in the device's restricted telnet interface allows an authenticated attacker to execute arbitrary commands as root.
SHAP (words)
A command injection vulnerability in the firmware_update command in the device' s restricted telnet interface allows an authenticated attacker to execute arbitrary commands as root
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A command inject ion vulnerability in the firmware _ update command in the dev ice ' s restricted telnet int er ##face allows an authenticated attacker to exec u ##te arbitrary commands as root . [SEP]
LRP (+Pred, pos-only)
[CLS] A command inject ion vulnerability in the firmware _ update command in the dev ice ' s restricted telnet int er ##face allows an authenticated attacker to exec u ##te arbitrary commands as root . [SEP]
LIME (words)
A command injection vulnerability in the firmware_update command in the device's restricted telnet interface allows an authenticated attacker to execute arbitrary commands as root.
SHAP (words)
A command injection vulnerability in the firmware_update command in the device' s restricted telnet interface allows an authenticated attacker to execute arbitrary commands as root
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A command inject ion vulnerability in the firmware _ update command in the dev ice ' s restricted telnet int er ##face allows an authenticated attacker to exec u ##te arbitrary commands as root . [SEP]
LRP (+Pred, pos-only)
[CLS] A command inject ion vulnerability in the firmware _ update command in the dev ice ' s restricted telnet int er ##face allows an authenticated attacker to exec u ##te arbitrary commands as root . [SEP]
LIME (words)
A command injection vulnerability in the firmware_update command in the device's restricted telnet interface allows an authenticated attacker to execute arbitrary commands as root.
SHAP (words)
A command injection vulnerability in the firmware_update command in the device' s restricted telnet interface allows an authenticated attacker to execute arbitrary commands as root
#47 · cve_id CVE-2023-21710 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Microsoft ▁Exchange ▁Server Remote ▁Code Execution Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Microsoft Exchange Server Remote Code Execution Vulnerability
SHAP (words)
Microsoft Exchange Server Remote Code Execution Vulnerability
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Microsoft Exchange Server Remote Code Execution Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Microsoft Exchange Server Remote Code Execution Vulnerability [SEP]
LIME (words)
Microsoft Exchange Server Remote Code Execution Vulnerability
SHAP (words)
Microsoft Exchange Server Remote Code Execution Vulnerability
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Microsoft Exchange Server Remote Code Execution Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Microsoft Exchange Server Remote Code Execution Vulnerability [SEP]
LIME (words)
Microsoft Exchange Server Remote Code Execution Vulnerability
SHAP (words)
Microsoft Exchange Server Remote Code Execution Vulnerability
#48 · cve_id CVE-2023-30754 · c
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Un auth . Reflected Cross-Site Scripting ( XSS ) ▁vulnerability ▁in ▁Ad Fox ly ▁Ad Fox ly ▁Ad Manage r ▁Ad S ense Ads ▁& Ads . T x t plugin ▁< = ▁1 . 8 . 5 ▁versions . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly AdFoxly Ad Manager AdSense Ads & Ads.Txt plugin <= 1.8.5 versions.
SHAP (words)
Unauth. Reflected Cross- Site Scripting ( XSS) vulnerability in AdFoxly AdFoxly – Ad Manager AdSense Ads & Ads. Txt plugin <=  1. 8. 5 versions
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Un auth . Reflected Cross-Site Scripting ( XSS ) vulnerability in Ad ##F ##ox ##ly Ad ##F ##ox ##ly Ad Manage r Ad ##S ##ense Ads & Ads . T ##x ##t plugin < = 1 . 8 . 5 versions . [SEP]
LRP (+Pred, pos-only)
[CLS] Un auth . Reflected Cross-Site Scripting ( XSS ) vulnerability in Ad ##F ##ox ##ly Ad ##F ##ox ##ly Ad Manage r Ad ##S ##ense Ads & Ads . T ##x ##t plugin < = 1 . 8 . 5 versions . [SEP]
LIME (words)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly AdFoxly Ad Manager AdSense Ads & Ads.Txt plugin <= 1.8.5 versions.
SHAP (words)
Unauth. Reflected Cross- Site Scripting ( XSS) vulnerability in AdFoxly AdFoxly – Ad Manager AdSense Ads & Ads. Txt plugin <=  1. 8. 5 versions
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Un auth . Reflected Cross-Site Scripting ( XSS ) vulnerability in Ad ##F ##ox ##ly Ad ##F ##ox ##ly Ad Manage r Ad ##S ##ense Ads & Ads . T ##x ##t plugin < = 1 . 8 . 5 versions . [SEP]
LRP (+Pred, pos-only)
[CLS] Un auth . Reflected Cross-Site Scripting ( XSS ) vulnerability in Ad ##F ##ox ##ly Ad ##F ##ox ##ly Ad Manage r Ad ##S ##ense Ads & Ads . T ##x ##t plugin < = 1 . 8 . 5 versions . [SEP]
LIME (words)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly AdFoxly Ad Manager AdSense Ads & Ads.Txt plugin <= 1.8.5 versions.
SHAP (words)
Unauth. Reflected Cross- Site Scripting ( XSS) vulnerability in AdFoxly AdFoxly – Ad Manager AdSense Ads & Ads. Txt plugin <=  1. 8. 5 versions
#49 · cve_id CVE-2022-26254 · c
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Wo W on der ▁The ▁Ultimate PHP ▁Social ▁Network Plat ▁form ▁v 4 . 0 . 0 ▁was ▁di sc ▁over ed ▁to ▁contain ▁an ▁access ▁control ▁issue ▁which ▁allows unauthenticated ▁attackers ▁to arbitrarily ▁change ▁group ▁ID ▁names . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names.
SHAP (words)
WoWonder The Ultimate PHP Social Network Platform v4. 0. 0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names
lrp-bert · Pred=NONE (0) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] W ##o ##W ##ond ##er The Ultimate PHP Social Network Plat form v ##4 . 0 . 0 was di sc over ##ed to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names . [SEP]
LRP (+Pred, pos-only)
[CLS] W ##o ##W ##ond ##er The Ultimate PHP Social Network Plat form v ##4 . 0 . 0 was di sc over ##ed to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names . [SEP]
LIME (words)
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names.
SHAP (words)
WoWonder The Ultimate PHP Social Network Platform v4. 0. 0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names
lrp-distilbert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] W ##o ##W ##ond ##er The Ultimate PHP Social Network Plat form v ##4 . 0 . 0 was di sc over ##ed to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names . [SEP]
LRP (+Pred, pos-only)
[CLS] W ##o ##W ##ond ##er The Ultimate PHP Social Network Plat form v ##4 . 0 . 0 was di sc over ##ed to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names . [SEP]
LIME (words)
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names.
SHAP (words)
WoWonder The Ultimate PHP Social Network Platform v4. 0. 0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names
#50 · cve_id CVE-2023-38176 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Azure ▁Arc - Enable d Servers Elevation ▁of Privilege Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Azure Arc-Enabled Servers Elevation of Privilege Vulnerability
SHAP (words)
Azure Arc- Enabled Servers Elevation of Privilege Vulnerability
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Azure Arc - Enable d Servers Elevation of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Azure Arc - Enable d Servers Elevation of Privilege Vulnerability [SEP]
LIME (words)
Azure Arc-Enabled Servers Elevation of Privilege Vulnerability
SHAP (words)
Azure Arc- Enabled Servers Elevation of Privilege Vulnerability
lrp-distilbert · Pred=HIGH (2) · p=0.92 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Azure Arc - Enable d Servers Elevation of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Azure Arc - Enable d Servers Elevation of Privilege Vulnerability [SEP]
LIME (words)
Azure Arc-Enabled Servers Elevation of Privilege Vulnerability
SHAP (words)
Azure Arc- Enabled Servers Elevation of Privilege Vulnerability
#51 · cve_id CVE-2020-3463 · c
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁in ▁the web-based ▁man a gem ent ▁interface ▁of Cisco Webex Meetings ▁could ▁allow ▁an unauthenticated ▁remote ▁attacker ▁to ▁conduct ▁a cross-site scripting ( XSS ) ▁attack ▁against ▁a ▁user ▁of ▁the web-based ▁man a gem ent ▁interface ▁of ▁the ▁affected ▁service . ▁The ▁vulnerability ▁is ▁due ▁to ▁insufficient validation ▁of user-supplied ▁input ▁by ▁the web-based ▁man a gem ent ▁interface ▁of ▁the ▁affected ▁service . ▁An ▁attacker ▁could ▁exploit ▁this ▁vulnerability ▁by persuading ▁a ▁user ▁to ▁click ▁a malicious ▁link . ▁A ▁successful ▁exploit ▁could ▁allow ▁the ▁attacker ▁to ▁execute ▁arbitrary sc ▁rip t ▁code ▁in ▁the ▁context ▁of ▁the ▁affected ▁interface ▁or ▁access ▁sensitive browser-based ▁in for matio n . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
SHAP (words)
A vulnerability in the web- based management interface of Cisco Webex Meetings could allow an unauthenticated remote attacker to conduct a cross- site scripting ( XSS) attack against a user of the web- based management interface of the affected service. The vulnerability is due to insufficient validation of user- supplied input by the web- based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser- based information
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability in the web-based man ##a gem en ##t int er ##face of Cisco Webex Meetings could allow an unauthenticated remote attacker to conduct a cross-site scripting ( XSS ) attack against a user of the web-based man ##a gem en ##t int er ##face of the affected service . The vulnerability is due to insufficient validation of user-supplied input by the web-based man ##a gem en ##t int er ##face of the affected service . An attacker could exploit this vulnerability by persuading a user to cli c ##k a malicious link . A successful exploit could allow the attacker to exec u ##te arbitrary sc r ip t code in the context of the affected int er ##face or access sensitive browser-based info ##r matio n . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability in the web-based man ##a gem en ##t int er ##face of Cisco Webex Meetings could allow an unauthenticated remote attacker to conduct a cross-site scripting ( XSS ) attack against a user of the web-based man ##a gem en ##t int er ##face of the affected service . The vulnerability is due to insufficient validation of user-supplied input by the web-based man ##a gem en ##t int er ##face of the affected service . An attacker could exploit this vulnerability by persuading a user to cli c ##k a malicious link . A successful exploit could allow the attacker to exec u ##te arbitrary sc r ip t code in the context of the affected int er ##face or access sensitive browser-based info ##r matio n . [SEP]
LIME (words)
A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
SHAP (words)
A vulnerability in the web- based management interface of Cisco Webex Meetings could allow an unauthenticated remote attacker to conduct a cross- site scripting ( XSS) attack against a user of the web- based management interface of the affected service. The vulnerability is due to insufficient validation of user- supplied input by the web- based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser- based information
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability in the web-based man ##a gem en ##t int er ##face of Cisco Webex Meetings could allow an unauthenticated remote attacker to conduct a cross-site scripting ( XSS ) attack against a user of the web-based man ##a gem en ##t int er ##face of the affected service . The vulnerability is due to insufficient validation of user-supplied input by the web-based man ##a gem en ##t int er ##face of the affected service . An attacker could exploit this vulnerability by persuading a user to cli c ##k a malicious link . A successful exploit could allow the attacker to exec u ##te arbitrary sc r ip t code in the context of the affected int er ##face or access sensitive browser-based info ##r matio n . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability in the web-based man ##a gem en ##t int er ##face of Cisco Webex Meetings could allow an unauthenticated remote attacker to conduct a cross-site scripting ( XSS ) attack against a user of the web-based man ##a gem en ##t int er ##face of the affected service . The vulnerability is due to insufficient validation of user-supplied input by the web-based man ##a gem en ##t int er ##face of the affected service . An attacker could exploit this vulnerability by persuading a user to cli c ##k a malicious link . A successful exploit could allow the attacker to exec u ##te arbitrary sc r ip t code in the context of the affected int er ##face or access sensitive browser-based info ##r matio n . [SEP]
LIME (words)
A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
SHAP (words)
A vulnerability in the web- based management interface of Cisco Webex Meetings could allow an unauthenticated remote attacker to conduct a cross- site scripting ( XSS) attack against a user of the web- based management interface of the affected service. The vulnerability is due to insufficient validation of user- supplied input by the web- based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser- based information
#52 · cve_id CVE-2016-5384 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁font config ▁before ▁2 . 12 . 1 ▁does ▁not validate offsets ▁which ▁allows ▁local ▁users ▁to ▁trigger ▁arbitrary ▁free ▁calls ▁and ▁consequently ▁conduct ▁double ▁free ▁attacks ▁and ▁execute ▁arbitrary ▁code ▁via ▁a ▁crafted ▁cache ▁file . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
fontconfig before 2.12.1 does not validate offsets which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
SHAP (words)
fontconfig before 2. 12. 1 does not validate offsets which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] font config before 2 . 12 . 1 does not validate offsets which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and exec u ##te arbitrary code via a crafted cache file . [SEP]
LRP (+Pred, pos-only)
[CLS] font config before 2 . 12 . 1 does not validate offsets which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and exec u ##te arbitrary code via a crafted cache file . [SEP]
LIME (words)
fontconfig before 2.12.1 does not validate offsets which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
SHAP (words)
fontconfig before 2. 12. 1 does not validate offsets which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] font config before 2 . 12 . 1 does not validate offsets which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and exec u ##te arbitrary code via a crafted cache file . [SEP]
LRP (+Pred, pos-only)
[CLS] font config before 2 . 12 . 1 does not validate offsets which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and exec u ##te arbitrary code via a crafted cache file . [SEP]
LIME (words)
fontconfig before 2.12.1 does not validate offsets which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
SHAP (words)
fontconfig before 2. 12. 1 does not validate offsets which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file
#53 · cve_id CVE-2022-0698 · c
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Microweber ▁version ▁1 . 3 . 1 ▁allows ▁an unauthenticated ▁user ▁to ▁perform ▁an ▁account ▁takeover ▁via ▁an XSS ▁on ▁the ' s elect - file ' param eter . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.
SHAP (words)
Microweber version 1. 3. 1 allows an unauthenticated user to perform an account takeover via an XSS on the ' select- file' parameter
lrp-bert · Pred=LOW (1) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Microweber version 1 . 3 . 1 allows an unauthenticated user to perform an account takeover via an XSS on the ' select - file ' param et ##er . [SEP]
LRP (+Pred, pos-only)
[CLS] Microweber version 1 . 3 . 1 allows an unauthenticated user to perform an account takeover via an XSS on the ' select - file ' param et ##er . [SEP]
LIME (words)
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.
SHAP (words)
Microweber version 1. 3. 1 allows an unauthenticated user to perform an account takeover via an XSS on the ' select- file' parameter
lrp-distilbert · Pred=LOW (1) · p=0.90 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Microweber version 1 . 3 . 1 allows an unauthenticated user to perform an account takeover via an XSS on the ' select - file ' param et ##er . [SEP]
LRP (+Pred, pos-only)
[CLS] Microweber version 1 . 3 . 1 allows an unauthenticated user to perform an account takeover via an XSS on the ' select - file ' param et ##er . [SEP]
LIME (words)
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.
SHAP (words)
Microweber version 1. 3. 1 allows an unauthenticated user to perform an account takeover via an XSS on the ' select- file' parameter
#54 · cve_id CVE-2021-32541 · c
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁CT S ▁Web ▁transaction ▁system ▁related ▁to authentication ▁and se ssi ▁on ▁man a gem ent ▁is ▁implemented ▁incorrectly ▁which ▁allows ▁remote unauthenticated ▁attackers ▁can ▁send ▁a ▁large ▁number ▁of ▁valid usernames ▁and ▁force ▁those logged-in ▁account ▁to ▁log ▁out ▁causing ▁the ▁user ▁to ▁be ▁unable ▁to ▁access ▁the ▁services <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The CTS Web transaction system related to authentication and session management is implemented incorrectly which allows remote unauthenticated attackers can send a large number of valid usernames and force those logged-in account to log out causing the user to be unable to access the services
SHAP (words)
The CTS Web transaction system related to authentication and session management is implemented incorrectly which allows remote unauthenticated attackers can send a large number of valid usernames and force those logged- in account to log out causing the user to be unable to access the services
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The CT ##S Web transaction system related to authentication and se ssi on man ##a gem en ##t is implemented incorrectly which allows remote unauthenticated attackers can send a large number of valid usernames and force those logged-in account to log out causing the user to be unable to access the services [SEP]
LRP (+Pred, pos-only)
[CLS] The CT ##S Web transaction system related to authentication and se ssi on man ##a gem en ##t is implemented incorrectly which allows remote unauthenticated attackers can send a large number of valid usernames and force those logged-in account to log out causing the user to be unable to access the services [SEP]
LIME (words)
The CTS Web transaction system related to authentication and session management is implemented incorrectly which allows remote unauthenticated attackers can send a large number of valid usernames and force those logged-in account to log out causing the user to be unable to access the services
SHAP (words)
The CTS Web transaction system related to authentication and session management is implemented incorrectly which allows remote unauthenticated attackers can send a large number of valid usernames and force those logged- in account to log out causing the user to be unable to access the services
lrp-distilbert · Pred=NONE (0) · p=0.96 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The CT ##S Web transaction system related to authentication and se ssi on man ##a gem en ##t is implemented incorrectly which allows remote unauthenticated attackers can send a large number of valid usernames and force those logged-in account to log out causing the user to be unable to access the services [SEP]
LRP (+Pred, pos-only)
[CLS] The CT ##S Web transaction system related to authentication and se ssi on man ##a gem en ##t is implemented incorrectly which allows remote unauthenticated attackers can send a large number of valid usernames and force those logged-in account to log out causing the user to be unable to access the services [SEP]
LIME (words)
The CTS Web transaction system related to authentication and session management is implemented incorrectly which allows remote unauthenticated attackers can send a large number of valid usernames and force those logged-in account to log out causing the user to be unable to access the services
SHAP (words)
The CTS Web transaction system related to authentication and session management is implemented incorrectly which allows remote unauthenticated attackers can send a large number of valid usernames and force those logged- in account to log out causing the user to be unable to access the services
#55 · cve_id CVE-2021-38315 · c
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁SP ▁Project ▁& Document Manage r WordPress plugin ▁is ▁vulnerable ▁to ▁attribute - based Reflected Cross-Site Scripting ▁via ▁the ▁from ▁and ▁to param eter s ▁in ▁the ~ / function s . php ▁file ▁which ▁allows ▁attackers ▁to inject ▁arbitrary ▁web sc ▁rip t s ▁in ▁versions ▁up ▁to ▁and ▁including ▁4 . 25 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts in versions up to and including 4.25.
SHAP (words)
The SP Project & Document Manager WordPress plugin is vulnerable to attribute- based Reflected Cross- Site Scripting via the from and to parameters in the ~/ functions. php file which allows attackers to inject arbitrary web scripts in versions up to and including 4. 25
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The SP Project & Document Manage r WordPress plugin is vulnerable to attribute - based Reflected Cross-Site Scripting via the from and to param et ##ers in the ~ / functions . php file which allows attackers to inject arbitrary web sc r ip t ##s in versions up to and including 4 . 25 . [SEP]
LRP (+Pred, pos-only)
[CLS] The SP Project & Document Manage r WordPress plugin is vulnerable to attribute - based Reflected Cross-Site Scripting via the from and to param et ##ers in the ~ / functions . php file which allows attackers to inject arbitrary web sc r ip t ##s in versions up to and including 4 . 25 . [SEP]
LIME (words)
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts in versions up to and including 4.25.
SHAP (words)
The SP Project & Document Manager WordPress plugin is vulnerable to attribute- based Reflected Cross- Site Scripting via the from and to parameters in the ~/ functions. php file which allows attackers to inject arbitrary web scripts in versions up to and including 4. 25
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The SP Project & Document Manage r WordPress plugin is vulnerable to attribute - based Reflected Cross-Site Scripting via the from and to param et ##ers in the ~ / functions . php file which allows attackers to inject arbitrary web sc r ip t ##s in versions up to and including 4 . 25 . [SEP]
LRP (+Pred, pos-only)
[CLS] The SP Project & Document Manage r WordPress plugin is vulnerable to attribute - based Reflected Cross-Site Scripting via the from and to param et ##ers in the ~ / functions . php file which allows attackers to inject arbitrary web sc r ip t ##s in versions up to and including 4 . 25 . [SEP]
LIME (words)
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts in versions up to and including 4.25.
SHAP (words)
The SP Project & Document Manager WordPress plugin is vulnerable to attribute- based Reflected Cross- Site Scripting via the from and to parameters in the ~/ functions. php file which allows attackers to inject arbitrary web scripts in versions up to and including 4. 25
#56 · cve_id CVE-2010-0211 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The sl ap _ mod rd n 2 mod s ▁function ▁in mod rd n . c ▁in OpenLDAP ▁2 . 4 . 22 ▁does ▁not ▁check ▁the ▁return ▁value ▁of ▁a ▁call ▁to ▁the s m r _ normal ize ▁function ▁which ▁allows ▁remote ▁attackers ▁to ▁cause ▁a ▁denial ▁of ▁service ( segmentation ▁fault ) ▁and ▁po ssi b ly ▁execute ▁arbitrary ▁code ▁via ▁a mod rd n ▁call ▁with ▁an ▁R DN ▁string ▁containing ▁invalid ▁U TF - 8 ▁sequences ▁which triggers ▁a ▁free ▁of ▁an ▁invalid uninitialized pointer ▁in ▁the sl ap _ mod s _ free ▁function ▁as ▁demonstrated ▁using ▁the ▁Code nomic on LDAP ▁v 3 ▁test ▁suite . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences which triggers a free of an invalid uninitialized pointer in the slap_mods_free function as demonstrated using the Codenomicon LDAPv3 test suite.
SHAP (words)
The slap_modrdn2mods function in modrdn. c in OpenLDAP 2. 4. 22 does not check the return value of a call to the smr_normalize function which allows remote attackers to cause a denial of service ( segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF- 8 sequences which triggers a free of an invalid uninitialized pointer in the slap_mods_free function as demonstrated using the Codenomicon LDAPv3 test suite
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The sl a ##p _ mod r ##dn ##2 mod s function in mod r ##dn . c in OpenLDAP 2 . 4 . 22 does not check the return value of a call to the s ##m ##r _ normal ##ize function which allows remote attackers to cause a denial of service ( segmentation fault ) and p ##o ssi b ##ly exec u ##te arbitrary code via a mod r ##dn call with an R DN string containing invalid U ##TF - 8 sequences which triggers a free of an invalid uninitialized pointer in the sl a ##p _ mod s _ free function as demonstrated using the Code ##no ##mic ##on LDAP v ##3 test su ite . [SEP]
LRP (+Pred, pos-only)
[CLS] The sl a ##p _ mod r ##dn ##2 mod s function in mod r ##dn . c in OpenLDAP 2 . 4 . 22 does not check the return value of a call to the s ##m ##r _ normal ##ize function which allows remote attackers to cause a denial of service ( segmentation fault ) and p ##o ssi b ##ly exec u ##te arbitrary code via a mod r ##dn call with an R DN string containing invalid U ##TF - 8 sequences which triggers a free of an invalid uninitialized pointer in the sl a ##p _ mod s _ free function as demonstrated using the Code ##no ##mic ##on LDAP v ##3 test su ite . [SEP]
LIME (words)
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences which triggers a free of an invalid uninitialized pointer in the slap_mods_free function as demonstrated using the Codenomicon LDAPv3 test suite.
SHAP (words)
The slap_modrdn2mods function in modrdn. c in OpenLDAP 2. 4. 22 does not check the return value of a call to the smr_normalize function which allows remote attackers to cause a denial of service ( segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF- 8 sequences which triggers a free of an invalid uninitialized pointer in the slap_mods_free function as demonstrated using the Codenomicon LDAPv3 test suite
lrp-distilbert · Pred=HIGH (2) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The sl a ##p _ mod r ##dn ##2 mod s function in mod r ##dn . c in OpenLDAP 2 . 4 . 22 does not check the return value of a call to the s ##m ##r _ normal ##ize function which allows remote attackers to cause a denial of service ( segmentation fault ) and p ##o ssi b ##ly exec u ##te arbitrary code via a mod r ##dn call with an R DN string containing invalid U ##TF - 8 sequences which triggers a free of an invalid uninitialized pointer in the sl a ##p _ mod s _ free function as demonstrated using the Code ##no ##mic ##on LDAP v ##3 test su ite . [SEP]
LRP (+Pred, pos-only)
[CLS] The sl a ##p _ mod r ##dn ##2 mod s function in mod r ##dn . c in OpenLDAP 2 . 4 . 22 does not check the return value of a call to the s ##m ##r _ normal ##ize function which allows remote attackers to cause a denial of service ( segmentation fault ) and p ##o ssi b ##ly exec u ##te arbitrary code via a mod r ##dn call with an R DN string containing invalid U ##TF - 8 sequences which triggers a free of an invalid uninitialized pointer in the sl a ##p _ mod s _ free function as demonstrated using the Code ##no ##mic ##on LDAP v ##3 test su ite . [SEP]
LIME (words)
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences which triggers a free of an invalid uninitialized pointer in the slap_mods_free function as demonstrated using the Codenomicon LDAPv3 test suite.
SHAP (words)
The slap_modrdn2mods function in modrdn. c in OpenLDAP 2. 4. 22 does not check the return value of a call to the smr_normalize function which allows remote attackers to cause a denial of service ( segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF- 8 sequences which triggers a free of an invalid uninitialized pointer in the slap_mods_free function as demonstrated using the Codenomicon LDAPv3 test suite
#57 · cve_id CVE-2021-2121 · c
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Vulnerability ▁in ▁the ▁Oracle VM VirtualBox ▁product ▁of ▁Oracle Virtualization ( com ponent : ▁Core ) . ▁The ▁supported ▁version ▁that ▁is ▁affected ▁is ▁Prior ▁to ▁6 . 1 . 18 . Easily exploitable ▁vulnerability ▁allows ▁high ▁privileged ▁attacker ▁with logon ▁to ▁the ▁infrastructure ▁where ▁Oracle VM VirtualBox executes ▁to ▁compromise ▁Oracle VM VirtualBox . ▁While ▁the ▁vulnerability ▁is ▁in ▁Oracle VM VirtualBox ▁attacks ▁may ▁significantly ▁impact ▁additional ▁products . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in unauthorized ▁ability ▁to ▁cause ▁a ▁hang ▁or ▁frequently repeatable ▁crash ( complete ▁DO S ) ▁of ▁Oracle VM VirtualBox . CVSS ▁3 . 1 ▁Base ▁Score ▁6 . 0 ( Availability ▁impacts ) . CVSS Vector : ( CVSS : 3 . 1/ AV : L / AC : L / PR : H / UI : N / S : C / C : N / I : N / A : H ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).
SHAP (words)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization ( component: Core). The supported version that is affected is Prior to 6. 1. 18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS) of Oracle VM VirtualBox. CVSS 3. 1 Base Score 6. 0 ( Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: L/ AC: L/ PR: H/ UI: N/ S: C/ C: N/ I: N/ A: H
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization ( component : Core ) . The supported version that is affected is Prior to 6 . 1 . 18 . Easily exploitable vulnerability allows high privileged attacker with logon to the in ##fra struct u ##re where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox . While the vulnerability is in Oracle VM VirtualBox attacks may significantly impact additional products . Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS ) of Oracle VM VirtualBox . CVSS 3 . 1 Base Score 6 . 0 ( Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : L / AC : L / PR : H / UI : N / S : C / C : N / I : N / A : H ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization ( component : Core ) . The supported version that is affected is Prior to 6 . 1 . 18 . Easily exploitable vulnerability allows high privileged attacker with logon to the in ##fra struct u ##re where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox . While the vulnerability is in Oracle VM VirtualBox attacks may significantly impact additional products . Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS ) of Oracle VM VirtualBox . CVSS 3 . 1 Base Score 6 . 0 ( Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : L / AC : L / PR : H / UI : N / S : C / C : N / I : N / A : H ) . [SEP]
LIME (words)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).
SHAP (words)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization ( component: Core). The supported version that is affected is Prior to 6. 1. 18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS) of Oracle VM VirtualBox. CVSS 3. 1 Base Score 6. 0 ( Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: L/ AC: L/ PR: H/ UI: N/ S: C/ C: N/ I: N/ A: H
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization ( component : Core ) . The supported version that is affected is Prior to 6 . 1 . 18 . Easily exploitable vulnerability allows high privileged attacker with logon to the in ##fra struct u ##re where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox . While the vulnerability is in Oracle VM VirtualBox attacks may significantly impact additional products . Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS ) of Oracle VM VirtualBox . CVSS 3 . 1 Base Score 6 . 0 ( Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : L / AC : L / PR : H / UI : N / S : C / C : N / I : N / A : H ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization ( component : Core ) . The supported version that is affected is Prior to 6 . 1 . 18 . Easily exploitable vulnerability allows high privileged attacker with logon to the in ##fra struct u ##re where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox . While the vulnerability is in Oracle VM VirtualBox attacks may significantly impact additional products . Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS ) of Oracle VM VirtualBox . CVSS 3 . 1 Base Score 6 . 0 ( Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : L / AC : L / PR : H / UI : N / S : C / C : N / I : N / A : H ) . [SEP]
LIME (words)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).
SHAP (words)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization ( component: Core). The supported version that is affected is Prior to 6. 1. 18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS) of Oracle VM VirtualBox. CVSS 3. 1 Base Score 6. 0 ( Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: L/ AC: L/ PR: H/ UI: N/ S: C/ C: N/ I: N/ A: H
#58 · cve_id CVE-2021-46283 · c
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
n f _ table s _ new set ▁in ▁net / netfilter / n f _ table s _ api . c ▁in ▁the ▁Linux ▁kernel ▁before ▁5 . 12 . 13 ▁allows ▁local ▁users ▁to ▁cause ▁a ▁denial ▁of ▁service ( NULL pointer dereference ▁and ▁general ▁protection ▁fault ) ▁because ▁of ▁the ▁mi ssi ng initialization ▁for n ft _ set _ ele m _ exp r _ al loc . ▁A ▁local ▁user ▁can ▁set ▁a netfilter ▁table ▁ex pre ssi ▁on ▁in ▁their ▁own namespace . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace.
SHAP (words)
nf_tables_newset in net/ netfilter/ nf_tables_api. c in the Linux kernel before 5. 12. 13 allows local users to cause a denial of service ( NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] n ##f _ tab les _ news ##et in net / netfilter / n ##f _ tab les _ api . c in the Linux kernel before 5 . 12 . 13 allows local users to cause a denial of service ( NULL pointer dereference and general protection fault ) because of the mi ssi ng initialization for n ##ft _ set _ el ##em _ ex ##p ##r _ all ##oc . A local user can set a netfilter tab le ex ##p ##re ssi on in their own namespace . [SEP]
LRP (+Pred, pos-only)
[CLS] n ##f _ tab les _ news ##et in net / netfilter / n ##f _ tab les _ api . c in the Linux kernel before 5 . 12 . 13 allows local users to cause a denial of service ( NULL pointer dereference and general protection fault ) because of the mi ssi ng initialization for n ##ft _ set _ el ##em _ ex ##p ##r _ all ##oc . A local user can set a netfilter tab le ex ##p ##re ssi on in their own namespace . [SEP]
LIME (words)
nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace.
SHAP (words)
nf_tables_newset in net/ netfilter/ nf_tables_api. c in the Linux kernel before 5. 12. 13 allows local users to cause a denial of service ( NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] n ##f _ tab les _ news ##et in net / netfilter / n ##f _ tab les _ api . c in the Linux kernel before 5 . 12 . 13 allows local users to cause a denial of service ( NULL pointer dereference and general protection fault ) because of the mi ssi ng initialization for n ##ft _ set _ el ##em _ ex ##p ##r _ all ##oc . A local user can set a netfilter tab le ex ##p ##re ssi on in their own namespace . [SEP]
LRP (+Pred, pos-only)
[CLS] n ##f _ tab les _ news ##et in net / netfilter / n ##f _ tab les _ api . c in the Linux kernel before 5 . 12 . 13 allows local users to cause a denial of service ( NULL pointer dereference and general protection fault ) because of the mi ssi ng initialization for n ##ft _ set _ el ##em _ ex ##p ##r _ all ##oc . A local user can set a netfilter tab le ex ##p ##re ssi on in their own namespace . [SEP]
LIME (words)
nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace.
SHAP (words)
nf_tables_newset in net/ netfilter/ nf_tables_api. c in the Linux kernel before 5. 12. 13 allows local users to cause a denial of service ( NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace
#59 · cve_id CVE-2020-2291 · c
GT=LOW (1)
xlnet · Pred=HIGH (2) · p=0.98 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Jenkins ▁couch db - statistic s Plugin ▁0 . 3 ▁and ▁earlier ▁stores ▁its ▁server ▁password unencrypted ▁in ▁its glob ▁al ▁configuration ▁file ▁on ▁the ▁Jenkins ▁controller ▁where ▁it ▁can ▁be ▁viewed ▁by ▁users ▁with ▁access ▁to ▁the ▁Jenkins ▁controller ▁file ▁system . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
SHAP (words)
Jenkins couchdb- statistics Plugin 0. 3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system
lrp-bert · Pred=HIGH (2) · p=0.91 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Jenkins couch db - statistics Plugin 0 . 3 and earlier stores its server password unencrypted in its glob al config u ##ration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system . [SEP]
LRP (+Pred, pos-only)
[CLS] Jenkins couch db - statistics Plugin 0 . 3 and earlier stores its server password unencrypted in its glob al config u ##ration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system . [SEP]
LIME (words)
Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
SHAP (words)
Jenkins couchdb- statistics Plugin 0. 3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system
lrp-distilbert · Pred=HIGH (2) · p=0.97 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Jenkins couch db - statistics Plugin 0 . 3 and earlier stores its server password unencrypted in its glob al config u ##ration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system . [SEP]
LRP (+Pred, pos-only)
[CLS] Jenkins couch db - statistics Plugin 0 . 3 and earlier stores its server password unencrypted in its glob al config u ##ration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system . [SEP]
LIME (words)
Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
SHAP (words)
Jenkins couchdb- statistics Plugin 0. 3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system
#60 · cve_id CVE-2023-4556 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁was ▁found ▁in SourceCodester ▁Online ▁Graduate ▁Trace r ▁System ▁1 . 0 ▁and cla ssi fi ed ▁as ▁critical . Affected ▁by ▁this ▁issue ▁is ▁the ▁function mysql i _ query ▁of ▁the ▁file ▁sex it . php . ▁The ▁manipulation ▁of ▁the ▁argument id ▁leads ▁to sql inject ion . ▁The ▁attack ▁may ▁be ▁launched ▁remotely . ▁The ▁exploit ▁has ▁been disclose d ▁to ▁the ▁public ▁and ▁may ▁be ▁used . ▁V DB - 23 81 54 ▁is ▁the identifier ▁a ssi gne d ▁to ▁this ▁vulnerability . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is the function mysqli_query of the file sexit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238154 is the identifier assigned to this vulnerability.
SHAP (words)
A vulnerability was found in SourceCodester Online Graduate Tracer System 1. 0 and classified as critical. Affected by this issue is the function mysqli_query of the file sexit. php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB- 238154 is the identifier assigned to this vulnerability
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability was found in SourceCodester Online Graduate Trace ##r System 1 . 0 and c ##la ssi fi ##ed as critical . Affected by this issue is the function mysql i _ query of the file sex ##it . php . The man ip ul ##ation of the argument id leads to sql inject ion . The attack may be launched remotely . The exploit has been disclose d to the public and may be used . V ##D ##B - 238 ##15 ##4 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability was found in SourceCodester Online Graduate Trace ##r System 1 . 0 and c ##la ssi fi ##ed as critical . Affected by this issue is the function mysql i _ query of the file sex ##it . php . The man ip ul ##ation of the argument id leads to sql inject ion . The attack may be launched remotely . The exploit has been disclose d to the public and may be used . V ##D ##B - 238 ##15 ##4 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LIME (words)
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is the function mysqli_query of the file sexit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238154 is the identifier assigned to this vulnerability.
SHAP (words)
A vulnerability was found in SourceCodester Online Graduate Tracer System 1. 0 and classified as critical. Affected by this issue is the function mysqli_query of the file sexit. php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB- 238154 is the identifier assigned to this vulnerability
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability was found in SourceCodester Online Graduate Trace ##r System 1 . 0 and c ##la ssi fi ##ed as critical . Affected by this issue is the function mysql i _ query of the file sex ##it . php . The man ip ul ##ation of the argument id leads to sql inject ion . The attack may be launched remotely . The exploit has been disclose d to the public and may be used . V ##D ##B - 238 ##15 ##4 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability was found in SourceCodester Online Graduate Trace ##r System 1 . 0 and c ##la ssi fi ##ed as critical . Affected by this issue is the function mysql i _ query of the file sex ##it . php . The man ip ul ##ation of the argument id leads to sql inject ion . The attack may be launched remotely . The exploit has been disclose d to the public and may be used . V ##D ##B - 238 ##15 ##4 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LIME (words)
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is the function mysqli_query of the file sexit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238154 is the identifier assigned to this vulnerability.
SHAP (words)
A vulnerability was found in SourceCodester Online Graduate Tracer System 1. 0 and classified as critical. Affected by this issue is the function mysqli_query of the file sexit. php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB- 238154 is the identifier assigned to this vulnerability
#61 · cve_id CVE-2024-24925 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁has ▁been ▁identified ▁in ▁Sim center ▁Fe map ( All ▁versions ▁< ▁V 23 06 . 00 00 ) . ▁The ▁affected ▁application ▁is ▁vulnerable ▁to uninitialized pointer ▁access ▁while parsing spec i ally ▁crafted ▁Cat ia ▁MO DEL ▁files . ▁An ▁attacker ▁could ▁leverage ▁this ▁vulnerability ▁to ▁execute ▁code ▁in ▁the ▁context ▁of ▁the ▁current ▁process . ( Z D I - CAN - 2 20 60 ) <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-22060)
SHAP (words)
A vulnerability has been identified in Simcenter Femap ( All versions < V2306. 0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. ( ZDI- CAN- 22060
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in Si ##m ##cent ##er Fe ##ma ##p ( All versions < V ##23 ##0 ##6 . 000 ##0 ) . The affected application is vulnerable to uninitialized pointer access while parsing spec i ##ally crafted Cat ##ia M ##OD EL files . An attacker could leverage this vulnerability to exec u ##te code in the context of the current process . ( Z ##DI - CAN - 220 ##60 ) [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in Si ##m ##cent ##er Fe ##ma ##p ( All versions < V ##23 ##0 ##6 . 000 ##0 ) . The affected application is vulnerable to uninitialized pointer access while parsing spec i ##ally crafted Cat ##ia M ##OD EL files . An attacker could leverage this vulnerability to exec u ##te code in the context of the current process . ( Z ##DI - CAN - 220 ##60 ) [SEP]
LIME (words)
A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-22060)
SHAP (words)
A vulnerability has been identified in Simcenter Femap ( All versions < V2306. 0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. ( ZDI- CAN- 22060
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in Si ##m ##cent ##er Fe ##ma ##p ( All versions < V ##23 ##0 ##6 . 000 ##0 ) . The affected application is vulnerable to uninitialized pointer access while parsing spec i ##ally crafted Cat ##ia M ##OD EL files . An attacker could leverage this vulnerability to exec u ##te code in the context of the current process . ( Z ##DI - CAN - 220 ##60 ) [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in Si ##m ##cent ##er Fe ##ma ##p ( All versions < V ##23 ##0 ##6 . 000 ##0 ) . The affected application is vulnerable to uninitialized pointer access while parsing spec i ##ally crafted Cat ##ia M ##OD EL files . An attacker could leverage this vulnerability to exec u ##te code in the context of the current process . ( Z ##DI - CAN - 220 ##60 ) [SEP]
LIME (words)
A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-22060)
SHAP (words)
A vulnerability has been identified in Simcenter Femap ( All versions < V2306. 0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. ( ZDI- CAN- 22060
#62 · cve_id CVE-2023-22875 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁IBM QRadar SIEM ▁7 . 4 ▁and ▁7 . 5 co pies ▁certificate ▁key ▁files ▁used ▁for SSL / TLS ▁in ▁the QRadar ▁web ▁user ▁interface ▁to ▁managed ▁hosts ▁in ▁the ▁deployment ▁that ▁do ▁not ▁require ▁that ▁key . ▁IBM X-Force ▁ID : ▁24 43 56 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X-Force ID: 244356.
SHAP (words)
IBM QRadar SIEM 7. 4 and 7. 5copies certificate key files used for SSL/ TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X- Force ID: 244356
lrp-bert · Pred=HIGH (2) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] I BM QRadar SIEM 7 . 4 and 7 . 5 ##co ##pies certificate key files used for SSL / TLS in the QRadar web user int er ##face to managed hosts in the deployment that do not require that key . I BM X-Force ID : 244 ##35 ##6 . [SEP]
LRP (+Pred, pos-only)
[CLS] I BM QRadar SIEM 7 . 4 and 7 . 5 ##co ##pies certificate key files used for SSL / TLS in the QRadar web user int er ##face to managed hosts in the deployment that do not require that key . I BM X-Force ID : 244 ##35 ##6 . [SEP]
LIME (words)
IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X-Force ID: 244356.
SHAP (words)
IBM QRadar SIEM 7. 4 and 7. 5copies certificate key files used for SSL/ TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X- Force ID: 244356
lrp-distilbert · Pred=HIGH (2) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] I BM QRadar SIEM 7 . 4 and 7 . 5 ##co ##pies certificate key files used for SSL / TLS in the QRadar web user int er ##face to managed hosts in the deployment that do not require that key . I BM X-Force ID : 244 ##35 ##6 . [SEP]
LRP (+Pred, pos-only)
[CLS] I BM QRadar SIEM 7 . 4 and 7 . 5 ##co ##pies certificate key files used for SSL / TLS in the QRadar web user int er ##face to managed hosts in the deployment that do not require that key . I BM X-Force ID : 244 ##35 ##6 . [SEP]
LIME (words)
IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X-Force ID: 244356.
SHAP (words)
IBM QRadar SIEM 7. 4 and 7. 5copies certificate key files used for SSL/ TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X- Force ID: 244356
#63 · cve_id CVE-2022-35828 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Microsoft Defender ▁for Endpoint ▁for ▁Mac Elevation ▁of Privilege Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
SHAP (words)
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability [SEP]
LIME (words)
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
SHAP (words)
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability [SEP]
LIME (words)
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
SHAP (words)
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
#64 · cve_id CVE-2022-45933 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Kub e View ▁through ▁0 . 1 . 31 ▁allows ▁attackers ▁to ▁obtain ▁control ▁of ▁a Kubernetes ▁cluster ▁because api / sc ▁rape / ku be - system ▁does ▁not ▁require authentication ▁and retrieves ▁certificate ▁files ▁that ▁can ▁be ▁used ▁for authentication ▁as ku be - admin . NOT ▁E : ▁the ▁vendor ' s ▁position ▁is ▁that ▁Kub e View ▁was ▁a " fun sid e ▁project ▁and ▁a ▁learning ▁exercise " ▁and ▁not " very ▁secure . " <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise " and not "very secure."
SHAP (words)
KubeView through 0. 1. 31 allows attackers to obtain control of a Kubernetes cluster because api/ scrape/ kube- system does not require authentication and retrieves certificate files that can be used for authentication as kube- admin. NOTE: the vendor' s position is that KubeView was a " fun side project and a learning exercise " and not " very secure
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Ku ##be ##V ##ie ##w through 0 . 1 . 31 allows attackers to obtain control of a Kubernetes cluster because api / sc rape / k ##ube - system does not require authentication and retrieves certificate files that can be used for authentication as k ##ube - admin . NOT E : the vendor ' s position is that Ku ##be ##V ##ie ##w was a " fun sid e project and a learning exercise " and not " very secure . " [SEP]
LRP (+Pred, pos-only)
[CLS] Ku ##be ##V ##ie ##w through 0 . 1 . 31 allows attackers to obtain control of a Kubernetes cluster because api / sc rape / k ##ube - system does not require authentication and retrieves certificate files that can be used for authentication as k ##ube - admin . NOT E : the vendor ' s position is that Ku ##be ##V ##ie ##w was a " fun sid e project and a learning exercise " and not " very secure . " [SEP]
LIME (words)
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise " and not "very secure."
SHAP (words)
KubeView through 0. 1. 31 allows attackers to obtain control of a Kubernetes cluster because api/ scrape/ kube- system does not require authentication and retrieves certificate files that can be used for authentication as kube- admin. NOTE: the vendor' s position is that KubeView was a " fun side project and a learning exercise " and not " very secure
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Ku ##be ##V ##ie ##w through 0 . 1 . 31 allows attackers to obtain control of a Kubernetes cluster because api / sc rape / k ##ube - system does not require authentication and retrieves certificate files that can be used for authentication as k ##ube - admin . NOT E : the vendor ' s position is that Ku ##be ##V ##ie ##w was a " fun sid e project and a learning exercise " and not " very secure . " [SEP]
LRP (+Pred, pos-only)
[CLS] Ku ##be ##V ##ie ##w through 0 . 1 . 31 allows attackers to obtain control of a Kubernetes cluster because api / sc rape / k ##ube - system does not require authentication and retrieves certificate files that can be used for authentication as k ##ube - admin . NOT E : the vendor ' s position is that Ku ##be ##V ##ie ##w was a " fun sid e project and a learning exercise " and not " very secure . " [SEP]
LIME (words)
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise " and not "very secure."
SHAP (words)
KubeView through 0. 1. 31 allows attackers to obtain control of a Kubernetes cluster because api/ scrape/ kube- system does not require authentication and retrieves certificate files that can be used for authentication as kube- admin. NOTE: the vendor' s position is that KubeView was a " fun side project and a learning exercise " and not " very secure
#65 · cve_id CVE-2023-3140 · c
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Mi ssi ng HTTP headers ( X-Frame-Options Content-Security-Policy ) ▁in ▁K NI ME ▁Business Hub ▁before ▁1 . 4 . 0 ▁has ▁left ▁users ▁vulnerable ▁to ▁click ▁jack ing . Clickjacking ▁is ▁an ▁attack ▁that ▁occurs ▁when ▁an ▁attacker ▁uses ▁a ▁transparent iframe ▁in ▁a ▁window ▁to ▁trick ▁a ▁user ▁into ▁clicking ▁on ▁an ▁action able ▁item ▁such ▁as ▁a ▁button ▁or ▁link ▁to ▁another ▁server ▁in ▁which ▁they ▁have ▁an ▁identical webpage . ▁The ▁attacker ▁essentially hijack s ▁the ▁user ▁activity ▁intended ▁for ▁the ▁original ▁server ▁and ▁sends ▁them ▁to ▁the ▁other ▁server . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Missing HTTP headers (X-Frame-Options Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item such as a button or link to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server.
SHAP (words)
Missing HTTP headers ( X- Frame- Options Content- Security- Policy) in KNIME Business Hub before 1. 4. 0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item such as a button or link to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server
lrp-bert · Pred=NONE (0) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Mi ssi ng HTTP headers ( X-Frame-Options Content-Security-Policy ) in K ##N IM E Business Hub before 1 . 4 . 0 has left users vulnerable to cli c ##k jack ##ing . Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user int o cli c ##king on an action ##able ite m such as a button or link to another server in which they have an identical webpage . The attacker essentially hijack s the user activity int ended for the original server and sends them to the other server . [SEP]
LRP (+Pred, pos-only)
[CLS] Mi ssi ng HTTP headers ( X-Frame-Options Content-Security-Policy ) in K ##N IM E Business Hub before 1 . 4 . 0 has left users vulnerable to cli c ##k jack ##ing . Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user int o cli c ##king on an action ##able ite m such as a button or link to another server in which they have an identical webpage . The attacker essentially hijack s the user activity int ended for the original server and sends them to the other server . [SEP]
LIME (words)
Missing HTTP headers (X-Frame-Options Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item such as a button or link to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server.
SHAP (words)
Missing HTTP headers ( X- Frame- Options Content- Security- Policy) in KNIME Business Hub before 1. 4. 0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item such as a button or link to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Mi ssi ng HTTP headers ( X-Frame-Options Content-Security-Policy ) in K ##N IM E Business Hub before 1 . 4 . 0 has left users vulnerable to cli c ##k jack ##ing . Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user int o cli c ##king on an action ##able ite m such as a button or link to another server in which they have an identical webpage . The attacker essentially hijack s the user activity int ended for the original server and sends them to the other server . [SEP]
LRP (+Pred, pos-only)
[CLS] Mi ssi ng HTTP headers ( X-Frame-Options Content-Security-Policy ) in K ##N IM E Business Hub before 1 . 4 . 0 has left users vulnerable to cli c ##k jack ##ing . Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user int o cli c ##king on an action ##able ite m such as a button or link to another server in which they have an identical webpage . The attacker essentially hijack s the user activity int ended for the original server and sends them to the other server . [SEP]
LIME (words)
Missing HTTP headers (X-Frame-Options Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item such as a button or link to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server.
SHAP (words)
Missing HTTP headers ( X- Frame- Options Content- Security- Policy) in KNIME Business Hub before 1. 4. 0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item such as a button or link to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server
#66 · cve_id CVE-2022-31552 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁project - an uv a ad / an uv a ad -c ▁or pus repository ▁through ▁2020 - 11 - 23 ▁on GitHub ▁allows ▁absolute ▁path traversal ▁because ▁the ▁Fla sk ▁send _ file ▁function ▁is ▁used unsafely . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
SHAP (words)
The project- anuvaad/ anuvaad- corpus repository through 2020- 11- 23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The project - an ##u ##va ##ad / an ##u ##va ##ad -c or ##pus repository through 2020 - 11 - 23 on GitHub allows absolute path traversal because the F ##las ##k send _ file function is used unsafely . [SEP]
LRP (+Pred, pos-only)
[CLS] The project - an ##u ##va ##ad / an ##u ##va ##ad -c or ##pus repository through 2020 - 11 - 23 on GitHub allows absolute path traversal because the F ##las ##k send _ file function is used unsafely . [SEP]
LIME (words)
The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
SHAP (words)
The project- anuvaad/ anuvaad- corpus repository through 2020- 11- 23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The project - an ##u ##va ##ad / an ##u ##va ##ad -c or ##pus repository through 2020 - 11 - 23 on GitHub allows absolute path traversal because the F ##las ##k send _ file function is used unsafely . [SEP]
LRP (+Pred, pos-only)
[CLS] The project - an ##u ##va ##ad / an ##u ##va ##ad -c or ##pus repository through 2020 - 11 - 23 on GitHub allows absolute path traversal because the F ##las ##k send _ file function is used unsafely . [SEP]
LIME (words)
The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
SHAP (words)
The project- anuvaad/ anuvaad- corpus repository through 2020- 11- 23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely
#67 · cve_id CVE-2011-1802 · c
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
WebKit ▁in ▁Google Chrome ▁before Blink ▁M 11 ▁and ▁M 12 ▁does ▁not ▁properly ▁handle ▁counter ▁nodes ▁which ▁allows ▁remote ▁attackers ▁to ▁cause ▁a ▁denial ▁of ▁service ( me m ory ▁corruption ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes which allows remote attackers to cause a denial of service (memory corruption).
SHAP (words)
WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes which allows remote attackers to cause a denial of service ( memory corruption
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] WebKit in Google Chrome before Blink M1 ##1 and M1 ##2 does not properly handle counter nodes which allows remote attackers to cause a denial of service ( memory corruption ) . [SEP]
LRP (+Pred, pos-only)
[CLS] WebKit in Google Chrome before Blink M1 ##1 and M1 ##2 does not properly handle counter nodes which allows remote attackers to cause a denial of service ( memory corruption ) . [SEP]
LIME (words)
WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes which allows remote attackers to cause a denial of service (memory corruption).
SHAP (words)
WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes which allows remote attackers to cause a denial of service ( memory corruption
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] WebKit in Google Chrome before Blink M1 ##1 and M1 ##2 does not properly handle counter nodes which allows remote attackers to cause a denial of service ( memory corruption ) . [SEP]
LRP (+Pred, pos-only)
[CLS] WebKit in Google Chrome before Blink M1 ##1 and M1 ##2 does not properly handle counter nodes which allows remote attackers to cause a denial of service ( memory corruption ) . [SEP]
LIME (words)
WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes which allows remote attackers to cause a denial of service (memory corruption).
SHAP (words)
WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes which allows remote attackers to cause a denial of service ( memory corruption
#68 · cve_id CVE-2020-9387 · c
GT=LOW (1)
xlnet · Pred=LOW (1) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In Mahara ▁19 . 04 ▁before ▁19 . 04 . 5 ▁and ▁19 . 10 ▁before ▁19 . 10 . 3 ▁account ▁details ▁are ▁shared ▁in ▁the Elasticsearch ▁results ▁for ▁accounts ▁that ▁are ▁not acce ssi ble ▁when ▁the config ▁setting ' I sol ated ▁institutions ' ▁is ▁turned ▁on . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3 account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.
SHAP (words)
In Mahara 19. 04 before 19. 04. 5 and 19. 10 before 19. 10. 3 account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting ' Isolated institutions' is turned on
lrp-bert · Pred=LOW (1) · p=0.76 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In Mahara 19 . 04 before 19 . 04 . 5 and 19 . 10 before 19 . 10 . 3 account details are shared in the Elasticsearch results for accounts that are not a ##cc ##e ssi b ##le when the config setting ' Is ##olate ##d institutions ' is turned on . [SEP]
LRP (+Pred, pos-only)
[CLS] In Mahara 19 . 04 before 19 . 04 . 5 and 19 . 10 before 19 . 10 . 3 account details are shared in the Elasticsearch results for accounts that are not a ##cc ##e ssi b ##le when the config setting ' Is ##olate ##d institutions ' is turned on . [SEP]
LIME (words)
In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3 account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.
SHAP (words)
In Mahara 19. 04 before 19. 04. 5 and 19. 10 before 19. 10. 3 account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting ' Isolated institutions' is turned on
lrp-distilbert · Pred=LOW (1) · p=0.53 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In Mahara 19 . 04 before 19 . 04 . 5 and 19 . 10 before 19 . 10 . 3 account details are shared in the Elasticsearch results for accounts that are not a ##cc ##e ssi b ##le when the config setting ' Is ##olate ##d institutions ' is turned on . [SEP]
LRP (+Pred, pos-only)
[CLS] In Mahara 19 . 04 before 19 . 04 . 5 and 19 . 10 before 19 . 10 . 3 account details are shared in the Elasticsearch results for accounts that are not a ##cc ##e ssi b ##le when the config setting ' Is ##olate ##d institutions ' is turned on . [SEP]
LIME (words)
In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3 account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.
SHAP (words)
In Mahara 19. 04 before 19. 04. 5 and 19. 10 before 19. 10. 3 account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting ' Isolated institutions' is turned on
#69 · cve_id CVE-2021-37628 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.94 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Nextcloud ▁Rich document s ▁is ▁an ▁open ▁source ▁collaborative ▁office ▁suite . ▁In ▁affected ▁versions ▁the ▁File ▁Drop ▁features ( " Upload ▁Only " ▁public ▁link ▁shares ▁in Nextcloud ) ▁can ▁be bypassed ▁using ▁the Nextcloud ▁Rich document s ▁app . ▁An ▁attacker ▁was ▁able ▁to ▁read ▁arbitrary ▁files ▁in ▁such ▁a ▁share . ▁It ▁is ▁recommended ▁that ▁the Nextcloud ▁Rich document s ▁is ▁upgraded ▁to ▁3 . 8 . 4 ▁or ▁4 . 2 . 1 . ▁If upgrading ▁is ▁not ▁po ssi ble ▁then ▁it ▁is ▁recommended ▁to disable ▁the ▁Rich document s ▁application . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1. If upgrading is not possible then it is recommended to disable the Richdocuments application.
SHAP (words)
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features (" Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3. 8. 4 or 4. 2. 1. If upgrading is not possible then it is recommended to disable the Richdocuments application
lrp-bert · Pred=LOW (1) · p=0.94 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Nextcloud Rich ##do ##cum ##ents is an open source collaborative office su ite . In affected versions the File Drop features ( " Upload Only " public link shares in Nextcloud ) can be bypassed using the Nextcloud Rich ##do ##cum ##ents app . An attacker was able to read arbitrary files in such a share . It is recommended that the Nextcloud Rich ##do ##cum ##ents is upgraded to 3 . 8 . 4 or 4 . 2 . 1 . If upgrading is not p ##o ssi b ##le then it is recommended to disable the Rich ##do ##cum ##ents application . [SEP]
LRP (+Pred, pos-only)
[CLS] Nextcloud Rich ##do ##cum ##ents is an open source collaborative office su ite . In affected versions the File Drop features ( " Upload Only " public link shares in Nextcloud ) can be bypassed using the Nextcloud Rich ##do ##cum ##ents app . An attacker was able to read arbitrary files in such a share . It is recommended that the Nextcloud Rich ##do ##cum ##ents is upgraded to 3 . 8 . 4 or 4 . 2 . 1 . If upgrading is not p ##o ssi b ##le then it is recommended to disable the Rich ##do ##cum ##ents application . [SEP]
LIME (words)
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1. If upgrading is not possible then it is recommended to disable the Richdocuments application.
SHAP (words)
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features (" Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3. 8. 4 or 4. 2. 1. If upgrading is not possible then it is recommended to disable the Richdocuments application
lrp-distilbert · Pred=HIGH (2) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Nextcloud Rich ##do ##cum ##ents is an open source collaborative office su ite . In affected versions the File Drop features ( " Upload Only " public link shares in Nextcloud ) can be bypassed using the Nextcloud Rich ##do ##cum ##ents app . An attacker was able to read arbitrary files in such a share . It is recommended that the Nextcloud Rich ##do ##cum ##ents is upgraded to 3 . 8 . 4 or 4 . 2 . 1 . If upgrading is not p ##o ssi b ##le then it is recommended to disable the Rich ##do ##cum ##ents application . [SEP]
LRP (+Pred, pos-only)
[CLS] Nextcloud Rich ##do ##cum ##ents is an open source collaborative office su ite . In affected versions the File Drop features ( " Upload Only " public link shares in Nextcloud ) can be bypassed using the Nextcloud Rich ##do ##cum ##ents app . An attacker was able to read arbitrary files in such a share . It is recommended that the Nextcloud Rich ##do ##cum ##ents is upgraded to 3 . 8 . 4 or 4 . 2 . 1 . If upgrading is not p ##o ssi b ##le then it is recommended to disable the Rich ##do ##cum ##ents application . [SEP]
LIME (words)
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1. If upgrading is not possible then it is recommended to disable the Richdocuments application.
SHAP (words)
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features (" Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3. 8. 4 or 4. 2. 1. If upgrading is not possible then it is recommended to disable the Richdocuments application
#70 · cve_id CVE-2023-35654 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In ct rl _ ro i ▁of st m v l 53 l 1 _ mod ule . c ▁there ▁is ▁a ▁po ssi ble ▁out ▁of ▁bound s ▁read ▁due ▁to ▁an ▁incorrect ▁bound s ▁check . ▁This ▁could ▁lead ▁to ▁local escalation ▁of ▁privilege ▁with ▁System ▁execution ▁privileges ▁needed . User ▁interaction ▁is ▁not ▁needed ▁for ▁exploitation . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In ctrl_roi of stmvl53l1_module.c there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
SHAP (words)
In ctrl_roi of stmvl53l1_module. c there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In c ##tr ##l _ r ##oi of s ##t ##m ##v ##l ##53 ##l ##1 _ mod ul ##e . c there is a p ##o ssi b ##le out of bounds read due to an incorrect bounds check . This could lead to local escalation of privilege with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . [SEP]
LRP (+Pred, pos-only)
[CLS] In c ##tr ##l _ r ##oi of s ##t ##m ##v ##l ##53 ##l ##1 _ mod ul ##e . c there is a p ##o ssi b ##le out of bounds read due to an incorrect bounds check . This could lead to local escalation of privilege with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . [SEP]
LIME (words)
In ctrl_roi of stmvl53l1_module.c there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
SHAP (words)
In ctrl_roi of stmvl53l1_module. c there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In c ##tr ##l _ r ##oi of s ##t ##m ##v ##l ##53 ##l ##1 _ mod ul ##e . c there is a p ##o ssi b ##le out of bounds read due to an incorrect bounds check . This could lead to local escalation of privilege with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . [SEP]
LRP (+Pred, pos-only)
[CLS] In c ##tr ##l _ r ##oi of s ##t ##m ##v ##l ##53 ##l ##1 _ mod ul ##e . c there is a p ##o ssi b ##le out of bounds read due to an incorrect bounds check . This could lead to local escalation of privilege with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . [SEP]
LIME (words)
In ctrl_roi of stmvl53l1_module.c there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
SHAP (words)
In ctrl_roi of stmvl53l1_module. c there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation
#71 · cve_id CVE-2021-25678 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁has ▁been ▁identified ▁in ▁Solid ▁Edge ▁SE 20 20 ( All ▁versions ▁< ▁SE 20 20 MP 13 ) ▁Solid ▁Edge ▁SE 20 20 ( All ▁versions ▁< ▁SE 20 20 MP 14 ) ▁Solid ▁Edge ▁SE 20 21 ( All Versions ▁< ▁SE 20 21 MP 4 ) . Affected ▁applications ▁lack ▁proper validation ▁of user-supplied ▁data ▁when parsing PAR ▁files . ▁This ▁could ▁result ▁in ▁an ▁out ▁of ▁bound s ▁write ▁past ▁the ▁end ▁of ▁an allocate d ▁structure . ▁An ▁attacker ▁could ▁leverage ▁this ▁vulnerability ▁to ▁execute ▁code ▁in ▁the ▁context ▁of ▁the ▁current ▁process . ( Z D I - CAN - 125 29 ) <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13) Solid Edge SE2020 (All versions < SE2020MP14) Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)
SHAP (words)
A vulnerability has been identified in Solid Edge SE2020 ( All versions < SE2020MP13) Solid Edge SE2020 ( All versions < SE2020MP14) Solid Edge SE2021 ( All Versions < SE2021MP4). Affected applications lack proper validation of user- supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. ( ZDI- CAN- 12529
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in Solid Edge SE ##20 ##20 ( All versions < SE ##20 ##20 ##MP ##13 ) Solid Edge SE ##20 ##20 ( All versions < SE ##20 ##20 ##MP ##14 ) Solid Edge SE ##20 ##21 ( All Versions < SE ##20 ##21 ##MP ##4 ) . Affected applications lack proper validation of user-supplied data when parsing PAR files . This could result in an out of bounds w ##r ite past the end of an allocate d struct u ##re . An attacker could leverage this vulnerability to exec u ##te code in the context of the current process . ( Z ##DI - CAN - 125 ##29 ) [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in Solid Edge SE ##20 ##20 ( All versions < SE ##20 ##20 ##MP ##13 ) Solid Edge SE ##20 ##20 ( All versions < SE ##20 ##20 ##MP ##14 ) Solid Edge SE ##20 ##21 ( All Versions < SE ##20 ##21 ##MP ##4 ) . Affected applications lack proper validation of user-supplied data when parsing PAR files . This could result in an out of bounds w ##r ite past the end of an allocate d struct u ##re . An attacker could leverage this vulnerability to exec u ##te code in the context of the current process . ( Z ##DI - CAN - 125 ##29 ) [SEP]
LIME (words)
A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13) Solid Edge SE2020 (All versions < SE2020MP14) Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)
SHAP (words)
A vulnerability has been identified in Solid Edge SE2020 ( All versions < SE2020MP13) Solid Edge SE2020 ( All versions < SE2020MP14) Solid Edge SE2021 ( All Versions < SE2021MP4). Affected applications lack proper validation of user- supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. ( ZDI- CAN- 12529
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in Solid Edge SE ##20 ##20 ( All versions < SE ##20 ##20 ##MP ##13 ) Solid Edge SE ##20 ##20 ( All versions < SE ##20 ##20 ##MP ##14 ) Solid Edge SE ##20 ##21 ( All Versions < SE ##20 ##21 ##MP ##4 ) . Affected applications lack proper validation of user-supplied data when parsing PAR files . This could result in an out of bounds w ##r ite past the end of an allocate d struct u ##re . An attacker could leverage this vulnerability to exec u ##te code in the context of the current process . ( Z ##DI - CAN - 125 ##29 ) [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in Solid Edge SE ##20 ##20 ( All versions < SE ##20 ##20 ##MP ##13 ) Solid Edge SE ##20 ##20 ( All versions < SE ##20 ##20 ##MP ##14 ) Solid Edge SE ##20 ##21 ( All Versions < SE ##20 ##21 ##MP ##4 ) . Affected applications lack proper validation of user-supplied data when parsing PAR files . This could result in an out of bounds w ##r ite past the end of an allocate d struct u ##re . An attacker could leverage this vulnerability to exec u ##te code in the context of the current process . ( Z ##DI - CAN - 125 ##29 ) [SEP]
LIME (words)
A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13) Solid Edge SE2020 (All versions < SE2020MP14) Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)
SHAP (words)
A vulnerability has been identified in Solid Edge SE2020 ( All versions < SE2020MP13) Solid Edge SE2020 ( All versions < SE2020MP14) Solid Edge SE2021 ( All Versions < SE2021MP4). Affected applications lack proper validation of user- supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. ( ZDI- CAN- 12529
#72 · cve_id CVE-2022-27445 · c
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
MariaDB ▁Server ▁v 10 . 9 ▁and ▁below ▁was ▁di sc ▁over ed ▁to ▁contain ▁a segmentation ▁fault ▁via ▁the ▁component sql / sql ▁_ wind ow . cc . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
SHAP (words)
MariaDB Server v10. 9 and below was discovered to contain a segmentation fault via the component sql/ sql_window. cc
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] MariaDB Server v ##10 . 9 and below was di sc over ##ed to contain a segmentation fault via the component sql / sql _ window . cc . [SEP]
LRP (+Pred, pos-only)
[CLS] MariaDB Server v ##10 . 9 and below was di sc over ##ed to contain a segmentation fault via the component sql / sql _ window . cc . [SEP]
LIME (words)
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
SHAP (words)
MariaDB Server v10. 9 and below was discovered to contain a segmentation fault via the component sql/ sql_window. cc
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] MariaDB Server v ##10 . 9 and below was di sc over ##ed to contain a segmentation fault via the component sql / sql _ window . cc . [SEP]
LRP (+Pred, pos-only)
[CLS] MariaDB Server v ##10 . 9 and below was di sc over ##ed to contain a segmentation fault via the component sql / sql _ window . cc . [SEP]
LIME (words)
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
SHAP (words)
MariaDB Server v10. 9 and below was discovered to contain a segmentation fault via the component sql/ sql_window. cc
#73 · cve_id CVE-2019-6538 · c
GT=NONE (0)
xlnet · Pred=HIGH (2) · p=0.98 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁Con ex us ▁tele metry ▁protocol ▁utilized ▁within Medtronic MyCareLink ▁Monitor ▁versions ▁24 95 0 ▁and ▁24 95 2 CareLink ▁Monitor ▁version ▁24 90 C CareLink ▁20 90 Programmer ▁Amp lia ▁C RT - D ▁Clar ia ▁C RT - D ▁Comp ia ▁C RT - D ▁Concert o ▁C RT - D ▁Concert o ▁II ▁C RT - D ▁Consul ta ▁C RT - D ▁Ever a ▁I CD Maximo ▁II ▁C RT - D ▁and ▁I CD ▁Mir ro ▁I CD ▁Nay am ed ND ▁I CD ▁Pri mo ▁I CD Protect a ▁I CD ▁and ▁C RT - D ▁Sec ura ▁I CD Virtu oso ▁I CD Virtu oso ▁II ▁I CD ▁Vis ia AF ▁I CD ▁and ▁Viv a ▁C RT - D ▁does ▁not ▁implement authentication ▁or auth ▁or ization . ▁An ▁attacker ▁with ▁adjacent ▁short - range ▁access ▁to ▁an ▁affected ▁product ▁in ▁situations ▁where ▁the ▁product s ▁radio ▁is ▁turned ▁on ▁can inject ▁replay ▁modify ▁and / or ▁intercept ▁data ▁within ▁the ▁tele metry ▁communication . ▁This ▁communication ▁protocol ▁provides ▁the ▁ability ▁to ▁read ▁and ▁write ▁memory ▁values ▁to ▁affected implant ed ▁cardiac ▁devices ; ▁therefore ▁an ▁attacker ▁could ▁exploit ▁this ▁communication ▁protocol ▁to ▁change ▁memory ▁in ▁the implant ed ▁cardiac ▁device . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952 CareLink Monitor version 2490C CareLink 2090 Programmer Amplia CRT-D Claria CRT-D Compia CRT-D Concerto CRT-D Concerto II CRT-D Consulta CRT-D Evera ICD Maximo II CRT-D and ICD Mirro ICD Nayamed ND ICD Primo ICD Protecta ICD and CRT-D Secura ICD Virtuoso ICD Virtuoso II ICD Visia AF ICD and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product in situations where the product’s radio is turned on can inject replay modify and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore an attacker could exploit this communication protocol to change memory in the implanted cardiac device.
SHAP (words)
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952 CareLink Monitor version 2490C CareLink 2090 Programmer Amplia CRT- D Claria CRT- D Compia CRT- D Concerto CRT- D Concerto II CRT- D Consulta CRT- D Evera ICD Maximo II CRT- D and ICD Mirro ICD Nayamed ND ICD Primo ICD Protecta ICD and CRT- D Secura ICD Virtuoso ICD Virtuoso II ICD Visia AF ICD and Viva CRT- D does not implement authentication or authorization. An attacker with adjacent short- range access to an affected product in situations where the product’ s radio is turned on can inject replay modify and/ or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore an attacker could exploit this communication protocol to change memory in the implanted cardiac device
lrp-bert · Pred=HIGH (2) · p=0.98 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The Con ##ex ##us te ##lem ##et ##ry protocol utilized within Medtronic MyCareLink Monitor versions 249 ##50 and 249 ##5 ##2 CareLink Monitor version 249 ##0 ##C CareLink 209 ##0 Programmer Am ##p ##lia C RT - D C ##lar ##ia C RT - D Co ##mp ##ia C RT - D Concerto C RT - D Concerto II C RT - D Consul ##ta C RT - D Ever ##a I ##CD Maximo II C RT - D and I ##CD Mir ##ro I ##CD Na ##yam ##ed N ##D I ##CD P ##rim ##o I ##CD Protect a I ##CD and C RT - D Se ##cu ##ra I ##CD V ##irt ##uo ##so I ##CD V ##irt ##uo ##so II I ##CD V ##isi ##a A ##F I ##CD and Viva C RT - D does not implement authentication or auth or ##ization . An attacker with adjacent short - range access to an affected product in situations where the product s radio is turned on can inject replay mod if ##y and / or int er ##ce ##pt data within the te ##lem ##et ##ry communication . This communication protocol provides the ability to read and w ##r ite memory values to affected implant ed cardiac dev ice ##s ; therefore an attacker could exploit this communication protocol to change memory in the implant ed cardiac dev ice . [SEP]
LRP (+Pred, pos-only)
[CLS] The Con ##ex ##us te ##lem ##et ##ry protocol utilized within Medtronic MyCareLink Monitor versions 249 ##50 and 249 ##5 ##2 CareLink Monitor version 249 ##0 ##C CareLink 209 ##0 Programmer Am ##p ##lia C RT - D C ##lar ##ia C RT - D Co ##mp ##ia C RT - D Concerto C RT - D Concerto II C RT - D Consul ##ta C RT - D Ever ##a I ##CD Maximo II C RT - D and I ##CD Mir ##ro I ##CD Na ##yam ##ed N ##D I ##CD P ##rim ##o I ##CD Protect a I ##CD and C RT - D Se ##cu ##ra I ##CD V ##irt ##uo ##so I ##CD V ##irt ##uo ##so II I ##CD V ##isi ##a A ##F I ##CD and Viva C RT - D does not implement authentication or auth or ##ization . An attacker with adjacent short - range access to an affected product in situations where the product s radio is turned on can inject replay mod if ##y and / or int er ##ce ##pt data within the te ##lem ##et ##ry communication . This communication protocol provides the ability to read and w ##r ite memory values to affected implant ed cardiac dev ice ##s ; therefore an attacker could exploit this communication protocol to change memory in the implant ed cardiac dev ice . [SEP]
LIME (words)
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952 CareLink Monitor version 2490C CareLink 2090 Programmer Amplia CRT-D Claria CRT-D Compia CRT-D Concerto CRT-D Concerto II CRT-D Consulta CRT-D Evera ICD Maximo II CRT-D and ICD Mirro ICD Nayamed ND ICD Primo ICD Protecta ICD and CRT-D Secura ICD Virtuoso ICD Virtuoso II ICD Visia AF ICD and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product in situations where the product’s radio is turned on can inject replay modify and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore an attacker could exploit this communication protocol to change memory in the implanted cardiac device.
SHAP (words)
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952 CareLink Monitor version 2490C CareLink 2090 Programmer Amplia CRT- D Claria CRT- D Compia CRT- D Concerto CRT- D Concerto II CRT- D Consulta CRT- D Evera ICD Maximo II CRT- D and ICD Mirro ICD Nayamed ND ICD Primo ICD Protecta ICD and CRT- D Secura ICD Virtuoso ICD Virtuoso II ICD Visia AF ICD and Viva CRT- D does not implement authentication or authorization. An attacker with adjacent short- range access to an affected product in situations where the product’ s radio is turned on can inject replay modify and/ or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore an attacker could exploit this communication protocol to change memory in the implanted cardiac device
lrp-distilbert · Pred=HIGH (2) · p=0.98 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The Con ##ex ##us te ##lem ##et ##ry protocol utilized within Medtronic MyCareLink Monitor versions 249 ##50 and 249 ##5 ##2 CareLink Monitor version 249 ##0 ##C CareLink 209 ##0 Programmer Am ##p ##lia C RT - D C ##lar ##ia C RT - D Co ##mp ##ia C RT - D Concerto C RT - D Concerto II C RT - D Consul ##ta C RT - D Ever ##a I ##CD Maximo II C RT - D and I ##CD Mir ##ro I ##CD Na ##yam ##ed N ##D I ##CD P ##rim ##o I ##CD Protect a I ##CD and C RT - D Se ##cu ##ra I ##CD V ##irt ##uo ##so I ##CD V ##irt ##uo ##so II I ##CD V ##isi ##a A ##F I ##CD and Viva C RT - D does not implement authentication or auth or ##ization . An attacker with adjacent short - range access to an affected product in situations where the product s radio is turned on can inject replay mod if ##y and / or int er ##ce ##pt data within the te ##lem ##et ##ry communication . This communication protocol provides the ability to read and w ##r ite memory values to affected implant ed cardiac dev ice ##s ; therefore an attacker could exploit this communication protocol to change memory in the implant ed cardiac dev ice . [SEP]
LRP (+Pred, pos-only)
[CLS] The Con ##ex ##us te ##lem ##et ##ry protocol utilized within Medtronic MyCareLink Monitor versions 249 ##50 and 249 ##5 ##2 CareLink Monitor version 249 ##0 ##C CareLink 209 ##0 Programmer Am ##p ##lia C RT - D C ##lar ##ia C RT - D Co ##mp ##ia C RT - D Concerto C RT - D Concerto II C RT - D Consul ##ta C RT - D Ever ##a I ##CD Maximo II C RT - D and I ##CD Mir ##ro I ##CD Na ##yam ##ed N ##D I ##CD P ##rim ##o I ##CD Protect a I ##CD and C RT - D Se ##cu ##ra I ##CD V ##irt ##uo ##so I ##CD V ##irt ##uo ##so II I ##CD V ##isi ##a A ##F I ##CD and Viva C RT - D does not implement authentication or auth or ##ization . An attacker with adjacent short - range access to an affected product in situations where the product s radio is turned on can inject replay mod if ##y and / or int er ##ce ##pt data within the te ##lem ##et ##ry communication . This communication protocol provides the ability to read and w ##r ite memory values to affected implant ed cardiac dev ice ##s ; therefore an attacker could exploit this communication protocol to change memory in the implant ed cardiac dev ice . [SEP]
LIME (words)
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952 CareLink Monitor version 2490C CareLink 2090 Programmer Amplia CRT-D Claria CRT-D Compia CRT-D Concerto CRT-D Concerto II CRT-D Consulta CRT-D Evera ICD Maximo II CRT-D and ICD Mirro ICD Nayamed ND ICD Primo ICD Protecta ICD and CRT-D Secura ICD Virtuoso ICD Virtuoso II ICD Visia AF ICD and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product in situations where the product’s radio is turned on can inject replay modify and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore an attacker could exploit this communication protocol to change memory in the implanted cardiac device.
SHAP (words)
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952 CareLink Monitor version 2490C CareLink 2090 Programmer Amplia CRT- D Claria CRT- D Compia CRT- D Concerto CRT- D Concerto II CRT- D Consulta CRT- D Evera ICD Maximo II CRT- D and ICD Mirro ICD Nayamed ND ICD Primo ICD Protecta ICD and CRT- D Secura ICD Virtuoso ICD Virtuoso II ICD Visia AF ICD and Viva CRT- D does not implement authentication or authorization. An attacker with adjacent short- range access to an affected product in situations where the product’ s radio is turned on can inject replay modify and/ or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore an attacker could exploit this communication protocol to change memory in the implanted cardiac device
#74 · cve_id CVE-2023-24388 · c
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Cross-Site Request Forgery ( CSRF ) ▁vulnerability ▁in ▁W p D ev Art Booking ▁calendar Appointment Booking ▁System plugin ▁< = ▁3 . 2 . 3 ▁versions ▁affects plugin ▁forms ▁actions ( create duplicate ▁edit delete ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create duplicate edit delete).
SHAP (words)
Cross- Site Request Forgery ( CSRF) vulnerability in WpDevArt Booking calendar Appointment Booking System plugin <=  3. 2. 3 versions affects  plugin forms actions ( create duplicate edit delete
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross-Site Request Forgery ( CSRF ) vulnerability in W ##p ##D ##ev ##A ##rt Booking calendar Appointment Booking System plugin < = 3 . 2 . 3 versions affects plugin forms actions ( create duplicate edit delete ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross-Site Request Forgery ( CSRF ) vulnerability in W ##p ##D ##ev ##A ##rt Booking calendar Appointment Booking System plugin < = 3 . 2 . 3 versions affects plugin forms actions ( create duplicate edit delete ) . [SEP]
LIME (words)
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create duplicate edit delete).
SHAP (words)
Cross- Site Request Forgery ( CSRF) vulnerability in WpDevArt Booking calendar Appointment Booking System plugin <=  3. 2. 3 versions affects  plugin forms actions ( create duplicate edit delete
lrp-distilbert · Pred=HIGH (2) · p=0.97 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross-Site Request Forgery ( CSRF ) vulnerability in W ##p ##D ##ev ##A ##rt Booking calendar Appointment Booking System plugin < = 3 . 2 . 3 versions affects plugin forms actions ( create duplicate edit delete ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross-Site Request Forgery ( CSRF ) vulnerability in W ##p ##D ##ev ##A ##rt Booking calendar Appointment Booking System plugin < = 3 . 2 . 3 versions affects plugin forms actions ( create duplicate edit delete ) . [SEP]
LIME (words)
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create duplicate edit delete).
SHAP (words)
Cross- Site Request Forgery ( CSRF) vulnerability in WpDevArt Booking calendar Appointment Booking System plugin <=  3. 2. 3 versions affects  plugin forms actions ( create duplicate edit delete
#75 · cve_id CVE-2017-20058 · c
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability cla ssi fi ed ▁as ▁problematic ▁was ▁found ▁in ▁El ef ant CMS ▁1 . 3 . 12 - RC . Affected ▁by ▁this ▁vulnerability ▁is ▁an ▁unknown ▁functionality ▁of ▁the ▁component ▁Version ▁Comparison . ▁The ▁manipulation ▁leads ▁to ▁basic ▁cross ▁site scripting ( Persistent ) . ▁The ▁attack ▁can ▁be ▁launched ▁remotely . ▁Up grad ing ▁to ▁version ▁1 . 3 . 13 ▁is ▁able ▁to ▁address ▁this ▁issue . ▁It ▁is ▁recommended ▁to ▁upgrade ▁the ▁affected ▁component . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.
SHAP (words)
A vulnerability classified as problematic was found in Elefant CMS 1. 3. 12- RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting ( Persistent). The attack can be launched remotely. Upgrading to version 1. 3. 13 is able to address this issue. It is recommended to upgrade the affected component
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability c ##la ssi fi ##ed as problematic was found in El ##ef ##ant CMS 1 . 3 . 12 - RC . Affected by this vulnerability is an unknown functionality of the component Ver si ##on Co ##mp ##aris ##on . The man ip ul ##ation leads to basic cross s ite scripting ( Persistent ) . The attack can be launched remotely . Up ##grading to version 1 . 3 . 13 is able to address this issue . It is recommended to upgrade the affected component . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability c ##la ssi fi ##ed as problematic was found in El ##ef ##ant CMS 1 . 3 . 12 - RC . Affected by this vulnerability is an unknown functionality of the component Ver si ##on Co ##mp ##aris ##on . The man ip ul ##ation leads to basic cross s ite scripting ( Persistent ) . The attack can be launched remotely . Up ##grading to version 1 . 3 . 13 is able to address this issue . It is recommended to upgrade the affected component . [SEP]
LIME (words)
A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.
SHAP (words)
A vulnerability classified as problematic was found in Elefant CMS 1. 3. 12- RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting ( Persistent). The attack can be launched remotely. Upgrading to version 1. 3. 13 is able to address this issue. It is recommended to upgrade the affected component
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability c ##la ssi fi ##ed as problematic was found in El ##ef ##ant CMS 1 . 3 . 12 - RC . Affected by this vulnerability is an unknown functionality of the component Ver si ##on Co ##mp ##aris ##on . The man ip ul ##ation leads to basic cross s ite scripting ( Persistent ) . The attack can be launched remotely . Up ##grading to version 1 . 3 . 13 is able to address this issue . It is recommended to upgrade the affected component . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability c ##la ssi fi ##ed as problematic was found in El ##ef ##ant CMS 1 . 3 . 12 - RC . Affected by this vulnerability is an unknown functionality of the component Ver si ##on Co ##mp ##aris ##on . The man ip ul ##ation leads to basic cross s ite scripting ( Persistent ) . The attack can be launched remotely . Up ##grading to version 1 . 3 . 13 is able to address this issue . It is recommended to upgrade the affected component . [SEP]
LIME (words)
A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.
SHAP (words)
A vulnerability classified as problematic was found in Elefant CMS 1. 3. 12- RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting ( Persistent). The attack can be launched remotely. Upgrading to version 1. 3. 13 is able to address this issue. It is recommended to upgrade the affected component
#76 · cve_id CVE-2022-23680 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A OS - CX ▁lacks ▁Anti - CSRF protections ▁in ▁place ▁for ▁state -c ▁hanging ▁operations . ▁This ▁can ▁potentially ▁be ▁exploited ▁by ▁an ▁attacker ▁to ▁execute ▁commands ▁in ▁the ▁context ▁of ▁another ▁user ▁in Aruba ▁OS - CX Switches ▁version ( s ) : ▁A OS - CX ▁10 . 10 . xxx x : ▁10 . 10 . 000 2 ▁and ▁below ▁A OS - CX ▁10 . 09 . xxx x : ▁10 . 09 . 10 20 ▁and ▁below ▁A OS - CX ▁10 . 08 . x xxx : ▁10 . 08 . 10 60 ▁and ▁below ▁A OS - CX ▁10 . 06 . xxx x : ▁10 . 06 . 0 200 ▁and ▁below . Aruba ▁has ▁released ▁upgrades ▁for Aruba ▁OS - CX Switch Devices ▁that ▁address ▁this ▁security ▁vulnerability . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below AOS-CX 10.09.xxxx: 10.09.1020 and below AOS-CX 10.08.xxxx: 10.08.1060 and below AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
SHAP (words)
AOS- CX lacks Anti- CSRF protections in place for state- changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS- CX Switches version( s): AOS- CX 10. 10. xxxx: 10. 10. 0002 and below AOS- CX 10. 09. xxxx: 10. 09. 1020 and below AOS- CX 10. 08. xxxx: 10. 08. 1060 and below AOS- CX 10. 06. xxxx: 10. 06. 0200 and below. Aruba has released upgrades for ArubaOS- CX Switch Devices that address this security vulnerability
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A ##OS - CX lacks Anti - CSRF protections in place for state -c hanging operations . This can potentially be ex ##p ##lo ite d by an attacker to exec u ##te commands in the context of another user in Aruba OS - CX Switches version ( s ) : A ##OS - CX 10 . 10 . x ##x ##x ##x : 10 . 10 . 000 ##2 and below A ##OS - CX 10 . 09 . x ##x ##x ##x : 10 . 09 . 102 ##0 and below A ##OS - CX 10 . 08 . x ##x ##x ##x : 10 . 08 . 106 ##0 and below A ##OS - CX 10 . 06 . x ##x ##x ##x : 10 . 06 . 02 ##00 and below . Aruba has released upgrades for Aruba OS - CX Switch Devices that address this se ##c uri t ##y vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A ##OS - CX lacks Anti - CSRF protections in place for state -c hanging operations . This can potentially be ex ##p ##lo ite d by an attacker to exec u ##te commands in the context of another user in Aruba OS - CX Switches version ( s ) : A ##OS - CX 10 . 10 . x ##x ##x ##x : 10 . 10 . 000 ##2 and below A ##OS - CX 10 . 09 . x ##x ##x ##x : 10 . 09 . 102 ##0 and below A ##OS - CX 10 . 08 . x ##x ##x ##x : 10 . 08 . 106 ##0 and below A ##OS - CX 10 . 06 . x ##x ##x ##x : 10 . 06 . 02 ##00 and below . Aruba has released upgrades for Aruba OS - CX Switch Devices that address this se ##c uri t ##y vulnerability . [SEP]
LIME (words)
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below AOS-CX 10.09.xxxx: 10.09.1020 and below AOS-CX 10.08.xxxx: 10.08.1060 and below AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
SHAP (words)
AOS- CX lacks Anti- CSRF protections in place for state- changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS- CX Switches version( s): AOS- CX 10. 10. xxxx: 10. 10. 0002 and below AOS- CX 10. 09. xxxx: 10. 09. 1020 and below AOS- CX 10. 08. xxxx: 10. 08. 1060 and below AOS- CX 10. 06. xxxx: 10. 06. 0200 and below. Aruba has released upgrades for ArubaOS- CX Switch Devices that address this security vulnerability
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A ##OS - CX lacks Anti - CSRF protections in place for state -c hanging operations . This can potentially be ex ##p ##lo ite d by an attacker to exec u ##te commands in the context of another user in Aruba OS - CX Switches version ( s ) : A ##OS - CX 10 . 10 . x ##x ##x ##x : 10 . 10 . 000 ##2 and below A ##OS - CX 10 . 09 . x ##x ##x ##x : 10 . 09 . 102 ##0 and below A ##OS - CX 10 . 08 . x ##x ##x ##x : 10 . 08 . 106 ##0 and below A ##OS - CX 10 . 06 . x ##x ##x ##x : 10 . 06 . 02 ##00 and below . Aruba has released upgrades for Aruba OS - CX Switch Devices that address this se ##c uri t ##y vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A ##OS - CX lacks Anti - CSRF protections in place for state -c hanging operations . This can potentially be ex ##p ##lo ite d by an attacker to exec u ##te commands in the context of another user in Aruba OS - CX Switches version ( s ) : A ##OS - CX 10 . 10 . x ##x ##x ##x : 10 . 10 . 000 ##2 and below A ##OS - CX 10 . 09 . x ##x ##x ##x : 10 . 09 . 102 ##0 and below A ##OS - CX 10 . 08 . x ##x ##x ##x : 10 . 08 . 106 ##0 and below A ##OS - CX 10 . 06 . x ##x ##x ##x : 10 . 06 . 02 ##00 and below . Aruba has released upgrades for Aruba OS - CX Switch Devices that address this se ##c uri t ##y vulnerability . [SEP]
LIME (words)
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below AOS-CX 10.09.xxxx: 10.09.1020 and below AOS-CX 10.08.xxxx: 10.08.1060 and below AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
SHAP (words)
AOS- CX lacks Anti- CSRF protections in place for state- changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS- CX Switches version( s): AOS- CX 10. 10. xxxx: 10. 10. 0002 and below AOS- CX 10. 09. xxxx: 10. 09. 1020 and below AOS- CX 10. 08. xxxx: 10. 08. 1060 and below AOS- CX 10. 06. xxxx: 10. 06. 0200 and below. Aruba has released upgrades for ArubaOS- CX Switch Devices that address this security vulnerability
#77 · cve_id CVE-2021-38644 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Microsoft ▁MPEG - 2 ▁Video ▁Extension Remote ▁Code Execution Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
SHAP (words)
Microsoft MPEG- 2 Video Extension Remote Code Execution Vulnerability
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Microsoft M PE G - 2 Video Extension Remote Code Execution Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Microsoft M PE G - 2 Video Extension Remote Code Execution Vulnerability [SEP]
LIME (words)
Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
SHAP (words)
Microsoft MPEG- 2 Video Extension Remote Code Execution Vulnerability
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Microsoft M PE G - 2 Video Extension Remote Code Execution Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Microsoft M PE G - 2 Video Extension Remote Code Execution Vulnerability [SEP]
LIME (words)
Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
SHAP (words)
Microsoft MPEG- 2 Video Extension Remote Code Execution Vulnerability
#78 · cve_id CVE-2022-25429 · c
GT=HIGH (2)
xlnet · Pred=NONE (0) · p=0.96 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Tenda ▁AC 9 ▁v 15 . 03 . 2 . 21 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁buffer overflow ▁via ▁the ▁time param eter ▁in ▁the ▁save parent control info ▁function . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.
SHAP (words)
Tenda AC9 v15. 03. 2. 21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function
lrp-bert · Pred=NONE (0) · p=0.91 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Tenda AC ##9 v ##15 . 03 . 2 . 21 was di sc over ##ed to contain a buffer overflow via the time param et ##er in the save ##par ##ent ##con ##tro ##lin ##fo function . [SEP]
LRP (+Pred, pos-only)
[CLS] Tenda AC ##9 v ##15 . 03 . 2 . 21 was di sc over ##ed to contain a buffer overflow via the time param et ##er in the save ##par ##ent ##con ##tro ##lin ##fo function . [SEP]
LIME (words)
Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.
SHAP (words)
Tenda AC9 v15. 03. 2. 21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function
lrp-distilbert · Pred=NONE (0) · p=0.84 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Tenda AC ##9 v ##15 . 03 . 2 . 21 was di sc over ##ed to contain a buffer overflow via the time param et ##er in the save ##par ##ent ##con ##tro ##lin ##fo function . [SEP]
LRP (+Pred, pos-only)
[CLS] Tenda AC ##9 v ##15 . 03 . 2 . 21 was di sc over ##ed to contain a buffer overflow via the time param et ##er in the save ##par ##ent ##con ##tro ##lin ##fo function . [SEP]
LIME (words)
Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.
SHAP (words)
Tenda AC9 v15. 03. 2. 21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function
#79 · cve_id CVE-2019-19352 · c
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An insecure ▁modification ▁vulnerability ▁in ▁the / et c / pass w d ▁file ▁was ▁found ▁in ▁the ▁operator - frame work / pre s to ▁as ▁shipped ▁in ▁Red ▁Hat Openshift ▁4 . ▁An ▁attacker ▁with ▁access ▁to ▁the ▁container ▁could ▁use ▁this flaw ▁to ▁modify / et c / pass w d ▁and escalate ▁their ▁privileges . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
SHAP (words)
An insecure modification vulnerability in the / etc/ passwd file was found in the operator- framework/ presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify / etc/ passwd and escalate their privileges
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An insecure mod if ##ica ##tion vulnerability in the / etc / pass ##w ##d file was found in the operator - framework / pre ##sto as s ##h ip p ##ed in Red Hat Openshift 4 . An attacker with access to the container could use this flaw to mod if ##y / etc / pass ##w ##d and escalate their privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] An insecure mod if ##ica ##tion vulnerability in the / etc / pass ##w ##d file was found in the operator - framework / pre ##sto as s ##h ip p ##ed in Red Hat Openshift 4 . An attacker with access to the container could use this flaw to mod if ##y / etc / pass ##w ##d and escalate their privileges . [SEP]
LIME (words)
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
SHAP (words)
An insecure modification vulnerability in the / etc/ passwd file was found in the operator- framework/ presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify / etc/ passwd and escalate their privileges
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An insecure mod if ##ica ##tion vulnerability in the / etc / pass ##w ##d file was found in the operator - framework / pre ##sto as s ##h ip p ##ed in Red Hat Openshift 4 . An attacker with access to the container could use this flaw to mod if ##y / etc / pass ##w ##d and escalate their privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] An insecure mod if ##ica ##tion vulnerability in the / etc / pass ##w ##d file was found in the operator - framework / pre ##sto as s ##h ip p ##ed in Red Hat Openshift 4 . An attacker with access to the container could use this flaw to mod if ##y / etc / pass ##w ##d and escalate their privileges . [SEP]
LIME (words)
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
SHAP (words)
An insecure modification vulnerability in the / etc/ passwd file was found in the operator- framework/ presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify / etc/ passwd and escalate their privileges
#80 · cve_id CVE-2021-35300 · c
GT=NONE (0)
xlnet · Pred=LOW (1) · p=0.88 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Text inject ion / Con tent Spoofing ▁in ▁404 ▁page ▁in Zammad ▁1 . 0 . x ▁up ▁to ▁4 . 0 . 0 ▁could ▁allow ▁remote ▁attackers ▁to ▁manipulate ▁users ▁into ▁visiting ▁the ▁attackers ' ▁page . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page.
SHAP (words)
Text injection/ Content Spoofing in 404 page in Zammad 1. 0. x up to 4. 0. 0 could allow remote attackers to manipulate users into visiting the attackers' page
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Text inject ion / Content Spoofing in 404 page in Zammad 1 . 0 . x up to 4 . 0 . 0 could allow remote attackers to man ip ul ##ate users int o visiting the attackers ' page . [SEP]
LRP (+Pred, pos-only)
[CLS] Text inject ion / Content Spoofing in 404 page in Zammad 1 . 0 . x up to 4 . 0 . 0 could allow remote attackers to man ip ul ##ate users int o visiting the attackers ' page . [SEP]
LIME (words)
Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page.
SHAP (words)
Text injection/ Content Spoofing in 404 page in Zammad 1. 0. x up to 4. 0. 0 could allow remote attackers to manipulate users into visiting the attackers' page
lrp-distilbert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Text inject ion / Content Spoofing in 404 page in Zammad 1 . 0 . x up to 4 . 0 . 0 could allow remote attackers to man ip ul ##ate users int o visiting the attackers ' page . [SEP]
LRP (+Pred, pos-only)
[CLS] Text inject ion / Content Spoofing in 404 page in Zammad 1 . 0 . x up to 4 . 0 . 0 could allow remote attackers to man ip ul ##ate users int o visiting the attackers ' page . [SEP]
LIME (words)
Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page.
SHAP (words)
Text injection/ Content Spoofing in 404 page in Zammad 1. 0. x up to 4. 0. 0 could allow remote attackers to manipulate users into visiting the attackers' page